A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Oct 2022, 17:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011 - Vendor Advisory | |
First Time |
Autodesk infrastructure Parts Editor
Autodesk autocad Civil 3d Autodesk inventor Autodesk autocad Lt Autodesk autocad Electrical Autodesk design Review Autodesk autocad Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk Autodesk dwg Trueview Autodesk autocad Architecture Autodesk storm And Sanitary Analysis Autodesk autocad Map 3d Autodesk revit Autodesk autocad Advance Steel Autodesk fusion Autodesk autocad Mechanical Autodesk infraworks Autodesk navisworks |
|
CPE | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:* cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:* cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-125 |
07 Oct 2022, 18:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-07 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-40162
Mitre link : CVE-2021-40162
CVE.ORG link : CVE-2021-40162
JSON object : View
Products Affected
autodesk
- fusion
- infraworks
- autocad
- autocad_lt
- autocad_map_3d
- storm_and_sanitary_analysis
- inventor
- autocad_advance_steel
- navisworks
- autocad_mep
- revit
- design_review
- autocad_plant_3d
- infrastructure_parts_editor
- autocad_civil_3d
- autocad_mechanical
- dwg_trueview
- autocad_architecture
- autocad_electrical
CWE
CWE-125
Out-of-bounds Read