Filtered by vendor Autodesk
Subscriptions
Total
323 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37002 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2025-11-13 | 7.8 High |
| A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | ||||
| CVE-2024-37001 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2025-11-13 | 7.8 High |
| A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-6633 | 1 Autodesk | 2 3ds Max, 3ds Max | 2025-11-13 | 7.8 High |
| A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-6634 | 1 Autodesk | 2 3ds Max, 3ds Max | 2025-11-13 | 7.8 High |
| A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2024-23124 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-11-13 | 7.8 High |
| A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-6632 | 1 Autodesk | 2 3ds Max, 3ds Max | 2025-11-13 | 5.3 Medium |
| A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-5335 | 1 Autodesk | 1 Installer | 2025-11-13 | 7.8 High |
| A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution. | ||||
| CVE-2025-1432 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2025-11-13 | 7.8 High |
| A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-12670 | 1 Autodesk | 4 Navisworks, Navisworks Freedom, Navisworks Manage and 1 more | 2025-11-13 | 7.8 High |
| A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-37005 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | 7.8 High |
| A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10885 | 1 Autodesk | 1 Installer | 2025-11-12 | 7.8 High |
| A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM. | ||||
| CVE-2024-37006 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2025-11-06 | 7.8 High |
| A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | ||||
| CVE-2025-1276 | 1 Autodesk | 18 Advance Steel, Autocad, Autocad Architecture and 15 more | 2025-10-07 | 7.8 High |
| A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-9500 | 1 Autodesk | 1 Installer | 2025-10-06 | 7.8 High |
| A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | ||||
| CVE-2025-5042 | 1 Autodesk | 2 Revit, Revit Lt | 2025-10-06 | 7.8 High |
| A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-8894 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Architecture and 9 more | 2025-10-06 | 7.8 High |
| A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-8893 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Architecture and 9 more | 2025-10-06 | 7.8 High |
| A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-8354 | 1 Autodesk | 2 Revit, Revit Lt | 2025-10-06 | 7.8 High |
| A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-12199 | 1 Autodesk | 4 Navisworks, Navisworks Freedom, Navisworks Manage and 1 more | 2025-10-02 | 7.8 High |
| A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-11608 | 1 Autodesk | 1 Revit | 2025-09-26 | 7.8 High |
| A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||