A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Oct 2022, 17:11
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-416 | |
| References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011 - Vendor Advisory | |
| First Time |
Autodesk infrastructure Parts Editor
Autodesk autocad Civil 3d Autodesk inventor Autodesk autocad Lt Autodesk autocad Electrical Autodesk design Review Autodesk autocad Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk Autodesk dwg Trueview Autodesk autocad Architecture Autodesk storm And Sanitary Analysis Autodesk autocad Map 3d Autodesk revit Autodesk autocad Advance Steel Autodesk fusion Autodesk autocad Mechanical Autodesk infraworks Autodesk navisworks |
|
| CPE | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:* cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:* cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* |
07 Oct 2022, 18:24
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-07 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-40166
Mitre link : CVE-2021-40166
CVE.ORG link : CVE-2021-40166
JSON object : View
Products Affected
autodesk
- infraworks
- autocad_civil_3d
- storm_and_sanitary_analysis
- navisworks
- autocad_mep
- autocad_architecture
- inventor
- autocad_advance_steel
- autocad
- autocad_lt
- revit
- design_review
- autocad_plant_3d
- autocad_electrical
- infrastructure_parts_editor
- autocad_map_3d
- autocad_mechanical
- dwg_trueview
- fusion
CWE
CWE-416
Use After Free