CVE-2021-40155

HIGH

Autodesk Navisworks 2019-2022 - Out-of-bounds Read via DWG File Parsing

Title source: llm
STIX 2.1

Description

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0096
EPSS Percentile 57.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (4)
autodesk/navisworks 2019
autodesk/navisworks 2020
autodesk/navisworks 2021
autodesk/navisworks 2022
Published Sep 15, 2021
Tracked Since Feb 18, 2026