VYPR

Vendor CVEs

Autodesk

All CVEs

319 total · sorted by risk
  • CVE-2016-9307CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.

  • CVE-2016-9306CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.

  • CVE-2016-9305CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.01

    Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.

  • CVE-2016-9303CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.04

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.

  • CVE-2016-9304HigJan 25, 2017
    risk 0.57cvss 8.8epss 0.02

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.

  • CVE-2026-0661HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0660HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0538HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0537HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0535HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.01

    A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or…

  • CVE-2026-0534HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.00

    A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute…

  • CVE-2026-0533HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.01

    A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…

  • CVE-2026-7454HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-7452HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-7451HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

  • CVE-2026-0659HigFeb 4, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2016-2344HigMar 28, 2016
    risk 0.49cvss 7.5epss 0.04

    Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in…

  • CVE-2026-4369HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage…

  • CVE-2026-4345HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary…

  • CVE-2026-4344HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…

  • CVE-2026-7453MedMay 26, 2026
    risk 0.36cvss 5.5epss 0.00

    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.

  • CVE-2026-7450MedMay 26, 2026
    risk 0.36cvss 5.5epss 0.00

    A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

  • CVE-2021-27030Apr 19, 2021
    risk 0.04cvss epss 0.60

    A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.

  • CVE-2008-4472Oct 7, 2008
    risk 0.04cvss epss 0.08

    The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

  • CVE-2008-4471Oct 7, 2008
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the…

  • CVE-2010-5241Sep 7, 2012
    risk 0.03cvss epss 0.01

    Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file. NOTE: the provenance…

  • CVE-2009-3578Nov 24, 2009
    risk 0.03cvss epss 0.04

    Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."

  • CVE-2009-3577Nov 24, 2009
    risk 0.03cvss epss 0.05

    Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."

  • CVE-2009-3576Nov 24, 2009
    risk 0.03cvss epss 0.03

    Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX…

  • CVE-2026-10789Jun 22, 2026
    risk 0.00cvss epss 0.00

    A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the…

  • CVE-2026-1288Jun 17, 2026
    risk 0.00cvss epss 0.00

    A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

  • CVE-2026-0536Feb 4, 2026
    risk 0.00cvss epss 0.00

    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0662Feb 4, 2026
    risk 0.00cvss epss 0.00

    A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.

  • CVE-2025-10889Dec 15, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2025-10884Dec 15, 2025
    risk 0.00cvss epss 0.00

    AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current…

  • CVE-2025-14593Dec 15, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

  • CVE-2025-11797Nov 12, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

  • CVE-2025-11795Nov 12, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2025-8354Sep 23, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

  • CVE-2025-10244Sep 23, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the…

  • CVE-2025-8894Sep 16, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

  • CVE-2025-8893Sep 16, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current…

  • CVE-2025-5048Aug 15, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2025-5047Aug 15, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

  • CVE-2025-5046Aug 15, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

  • CVE-2025-6634Aug 6, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2025-6633Aug 6, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

  • CVE-2025-6632Aug 6, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

  • CVE-2025-7675Jul 29, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current…

  • CVE-2025-5043Jul 29, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

Page 1 of 7