Vendor CVEs
Autodesk
All CVEs
319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23146 | 0.00 | — | 0.00 | Jun 25, 2024 | A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the… | |||
| CVE-2024-23145 | 0.00 | — | 0.00 | Jun 25, 2024 | A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process. | |||
| CVE-2024-23144 | 0.00 | — | 0.00 | Jun 25, 2024 | A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the… | |||
| CVE-2024-23143 | 0.00 | — | 0.00 | Jun 25, 2024 | A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or… | |||
| CVE-2024-23142 | 0.00 | — | 0.00 | Jun 25, 2024 | A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in… | |||
| CVE-2024-23141 | 0.00 | — | 0.00 | Jun 25, 2024 | A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. | |||
| CVE-2024-23140 | 0.00 | — | 0.00 | Jun 25, 2024 | A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context… | |||
| CVE-2024-23139 | 0.00 | — | 0.00 | Mar 17, 2024 | A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |||
| CVE-2024-23138 | 0.00 | — | 0.00 | Mar 17, 2024 | A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||
| CVE-2024-23137 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. | |||
| CVE-2024-23136 | 0.00 | — | 0.00 | Feb 22, 2024 | A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | |||
| CVE-2024-23135 | 0.00 | — | 0.00 | Feb 22, 2024 | A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | |||
| CVE-2024-23134 | 0.00 | — | 0.00 | Feb 22, 2024 | A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | |||
| CVE-2024-23133 | 0.00 | — | 0.00 | Feb 22, 2024 | A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the… | |||
| CVE-2024-23132 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of… | |||
| CVE-2024-23131 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other… | |||
| CVE-2024-23130 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the… | |||
| CVE-2024-23129 | 0.00 | — | 0.00 | Feb 22, 2024 | A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in… | |||
| CVE-2024-23128 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution… | |||
| CVE-2024-23127 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute… | |||
| CVE-2024-23126 | 0.00 | — | 0.00 | Feb 22, 2024 | A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current… | |||
| CVE-2024-23125 | 0.00 | — | 0.00 | Feb 22, 2024 | A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current… | |||
| CVE-2024-23124 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the… | |||
| CVE-2024-23123 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the… | |||
| CVE-2024-23122 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the… | |||
| CVE-2024-23121 | 0.00 | — | 0.01 | Feb 22, 2024 | A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the… | |||
| CVE-2024-23120 | 0.00 | — | 0.00 | Feb 21, 2024 | A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute… | |||
| CVE-2024-0446 | 0.00 | — | 0.00 | Feb 21, 2024 | A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute… | |||
| CVE-2024-20677 | 0.00 | — | 0.03 | Jan 9, 2024 | A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no… | |||
| CVE-2023-41140 | 0.00 | — | 0.00 | Nov 23, 2023 | A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current… | |||
| CVE-2023-41139 | 0.00 | — | 0.00 | Nov 23, 2023 | A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | |||
| CVE-2023-29076 | 0.00 | — | 0.01 | Nov 23, 2023 | A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | |||
| CVE-2023-29075 | 0.00 | — | 0.01 | Nov 23, 2023 | A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current… | |||
| CVE-2023-29074 | 0.00 | — | 0.01 | Nov 23, 2023 | A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current… | |||
| CVE-2023-29073 | 0.00 | — | 0.01 | Nov 23, 2023 | A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current… | |||
| CVE-2023-41146 | 0.00 | — | 0.00 | Nov 22, 2023 | Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account. | |||
| CVE-2023-25001 | 0.00 | — | 0.00 | Jun 27, 2023 | A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | |||
| CVE-2023-25002 | 0.00 | — | 0.00 | Jun 27, 2023 | A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | |||
| CVE-2023-25003 | 0.00 | — | 0.00 | Jun 23, 2023 | A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution. | |||
| CVE-2023-27908 | 0.00 | — | 0.00 | Jun 23, 2023 | A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. | |||
| CVE-2023-25007 | 0.00 | — | 0.00 | May 12, 2023 | A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. | |||
| CVE-2023-25005 | 0.00 | — | 0.00 | May 12, 2023 | A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. | |||
| CVE-2023-27909 | 0.00 | — | 0.00 | Apr 17, 2023 | An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure. | |||
| CVE-2023-27910 | 0.00 | — | 0.01 | Apr 17, 2023 | A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. | |||
| CVE-2023-25010 | 0.00 | — | 0.00 | Apr 17, 2023 | A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. | |||
| CVE-2023-27911 | 0.00 | — | 0.01 | Apr 17, 2023 | A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. | |||
| CVE-2023-29067 | 0.00 | — | 0.00 | Apr 14, 2023 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||
| CVE-2023-27914 | 0.00 | — | 0.00 | Apr 14, 2023 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in… | |||
| CVE-2023-27912 | 0.00 | — | 0.00 | Apr 14, 2023 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. | |||
| CVE-2023-27913 | 0.00 | — | 0.00 | Apr 14, 2023 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process. |
- CVE-2024-23146Jun 25, 2024risk 0.00cvss —epss 0.00
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the…
- CVE-2024-23145Jun 25, 2024risk 0.00cvss —epss 0.00
A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
- CVE-2024-23144Jun 25, 2024risk 0.00cvss —epss 0.00
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the…
- CVE-2024-23143Jun 25, 2024risk 0.00cvss —epss 0.00
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or…
- CVE-2024-23142Jun 25, 2024risk 0.00cvss —epss 0.00
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in…
- CVE-2024-23141Jun 25, 2024risk 0.00cvss —epss 0.00
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
- CVE-2024-23140Jun 25, 2024risk 0.00cvss —epss 0.00
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context…
- CVE-2024-23139Mar 17, 2024risk 0.00cvss —epss 0.00
A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
- CVE-2024-23138Mar 17, 2024risk 0.00cvss —epss 0.00
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
- CVE-2024-23137Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
- CVE-2024-23136Feb 22, 2024risk 0.00cvss —epss 0.00
A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
- CVE-2024-23135Feb 22, 2024risk 0.00cvss —epss 0.00
A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
- CVE-2024-23134Feb 22, 2024risk 0.00cvss —epss 0.00
A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
- CVE-2024-23133Feb 22, 2024risk 0.00cvss —epss 0.00
A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the…
- CVE-2024-23132Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of…
- CVE-2024-23131Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other…
- CVE-2024-23130Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the…
- CVE-2024-23129Feb 22, 2024risk 0.00cvss —epss 0.00
A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in…
- CVE-2024-23128Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution…
- CVE-2024-23127Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute…
- CVE-2024-23126Feb 22, 2024risk 0.00cvss —epss 0.00
A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
- CVE-2024-23125Feb 22, 2024risk 0.00cvss —epss 0.00
A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
- CVE-2024-23124Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the…
- CVE-2024-23123Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the…
- CVE-2024-23122Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the…
- CVE-2024-23121Feb 22, 2024risk 0.00cvss —epss 0.01
A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the…
- CVE-2024-23120Feb 21, 2024risk 0.00cvss —epss 0.00
A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute…
- CVE-2024-0446Feb 21, 2024risk 0.00cvss —epss 0.00
A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute…
- CVE-2024-20677Jan 9, 2024risk 0.00cvss —epss 0.03
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no…
- CVE-2023-41140Nov 23, 2023risk 0.00cvss —epss 0.00
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
- CVE-2023-41139Nov 23, 2023risk 0.00cvss —epss 0.00
A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
- CVE-2023-29076Nov 23, 2023risk 0.00cvss —epss 0.01
A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
- CVE-2023-29075Nov 23, 2023risk 0.00cvss —epss 0.01
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
- CVE-2023-29074Nov 23, 2023risk 0.00cvss —epss 0.01
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
- CVE-2023-29073Nov 23, 2023risk 0.00cvss —epss 0.01
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
- CVE-2023-41146Nov 22, 2023risk 0.00cvss —epss 0.00
Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.
- CVE-2023-25001Jun 27, 2023risk 0.00cvss —epss 0.00
A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2023-25002Jun 27, 2023risk 0.00cvss —epss 0.00
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2023-25003Jun 23, 2023risk 0.00cvss —epss 0.00
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
- CVE-2023-27908Jun 23, 2023risk 0.00cvss —epss 0.00
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
- CVE-2023-25007May 12, 2023risk 0.00cvss —epss 0.00
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
- CVE-2023-25005May 12, 2023risk 0.00cvss —epss 0.00
A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.
- CVE-2023-27909Apr 17, 2023risk 0.00cvss —epss 0.00
An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
- CVE-2023-27910Apr 17, 2023risk 0.00cvss —epss 0.01
A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
- CVE-2023-25010Apr 17, 2023risk 0.00cvss —epss 0.00
A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.
- CVE-2023-27911Apr 17, 2023risk 0.00cvss —epss 0.01
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
- CVE-2023-29067Apr 14, 2023risk 0.00cvss —epss 0.00
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
- CVE-2023-27914Apr 14, 2023risk 0.00cvss —epss 0.00
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in…
- CVE-2023-27912Apr 14, 2023risk 0.00cvss —epss 0.00
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
- CVE-2023-27913Apr 14, 2023risk 0.00cvss —epss 0.00
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.
Page 4 of 7