VYPR

Vendor CVEs

Autodesk

All CVEs

319 total · sorted by risk
  • CVE-2024-23146Jun 25, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the…

  • CVE-2024-23145Jun 25, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

  • CVE-2024-23144Jun 25, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the…

  • CVE-2024-23143Jun 25, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or…

  • CVE-2024-23142Jun 25, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in…

  • CVE-2024-23141Jun 25, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

  • CVE-2024-23140Jun 25, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context…

  • CVE-2024-23139Mar 17, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

  • CVE-2024-23138Mar 17, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

  • CVE-2024-23137Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

  • CVE-2024-23136Feb 22, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

  • CVE-2024-23135Feb 22, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

  • CVE-2024-23134Feb 22, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

  • CVE-2024-23133Feb 22, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the…

  • CVE-2024-23132Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of…

  • CVE-2024-23131Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other…

  • CVE-2024-23130Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the…

  • CVE-2024-23129Feb 22, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in…

  • CVE-2024-23128Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution…

  • CVE-2024-23127Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute…

  • CVE-2024-23126Feb 22, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

  • CVE-2024-23125Feb 22, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

  • CVE-2024-23124Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the…

  • CVE-2024-23123Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the…

  • CVE-2024-23122Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the…

  • CVE-2024-23121Feb 22, 2024
    risk 0.00cvss epss 0.01

    A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the…

  • CVE-2024-23120Feb 21, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute…

  • CVE-2024-0446Feb 21, 2024
    risk 0.00cvss epss 0.00

    A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute…

  • CVE-2024-20677Jan 9, 2024
    risk 0.00cvss epss 0.03

    A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no…

  • CVE-2023-41140Nov 23, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

  • CVE-2023-41139Nov 23, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

  • CVE-2023-29076Nov 23, 2023
    risk 0.00cvss epss 0.01

    A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

  • CVE-2023-29075Nov 23, 2023
    risk 0.00cvss epss 0.01

    A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

  • CVE-2023-29074Nov 23, 2023
    risk 0.00cvss epss 0.01

    A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

  • CVE-2023-29073Nov 23, 2023
    risk 0.00cvss epss 0.01

    A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…

  • CVE-2023-41146Nov 22, 2023
    risk 0.00cvss epss 0.00

    Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.

  • CVE-2023-25001Jun 27, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

  • CVE-2023-25002Jun 27, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

  • CVE-2023-25003Jun 23, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.

  • CVE-2023-27908Jun 23, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.

  • CVE-2023-25007May 12, 2023
    risk 0.00cvss epss 0.00

    A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.

  • CVE-2023-25005May 12, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

  • CVE-2023-27909Apr 17, 2023
    risk 0.00cvss epss 0.00

    An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.

  • CVE-2023-27910Apr 17, 2023
    risk 0.00cvss epss 0.01

    A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

  • CVE-2023-25010Apr 17, 2023
    risk 0.00cvss epss 0.00

    A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.

  • CVE-2023-27911Apr 17, 2023
    risk 0.00cvss epss 0.01

    A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

  • CVE-2023-29067Apr 14, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

  • CVE-2023-27914Apr 14, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in…

  • CVE-2023-27912Apr 14, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

  • CVE-2023-27913Apr 14, 2023
    risk 0.00cvss epss 0.00

    A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.

Page 4 of 7