A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Oct 2022, 17:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-787 | |
| First Time |
Autodesk infrastructure Parts Editor
Autodesk autocad Civil 3d Autodesk inventor Autodesk autocad Lt Autodesk autocad Electrical Autodesk design Review Autodesk autocad Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk Autodesk dwg Trueview Autodesk autocad Architecture Autodesk storm And Sanitary Analysis Autodesk autocad Map 3d Autodesk revit Autodesk autocad Advance Steel Autodesk fusion Autodesk autocad Mechanical Autodesk infraworks Autodesk navisworks |
|
| CPE | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:* cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:* cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* |
07 Oct 2022, 18:24
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-07 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-40165
Mitre link : CVE-2021-40165
CVE.ORG link : CVE-2021-40165
JSON object : View
Products Affected
autodesk
- fusion
- autocad_electrical
- revit
- autocad_mechanical
- infraworks
- autocad_map_3d
- dwg_trueview
- autocad
- navisworks
- autocad_plant_3d
- inventor
- autocad_civil_3d
- autocad_architecture
- design_review
- autocad_lt
- autocad_mep
- storm_and_sanitary_analysis
- autocad_advance_steel
- infrastructure_parts_editor
CWE
CWE-787
Out-of-bounds Write