CVE-2021-40159

HIGH

Autodesk Inventor - Information Disclosure via JT File Parsing

Title source: llm

Description

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.

References (3)

Core 3

Core References

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-22-282/

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-22-289/

Scores

CVSS v3 7.8

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-200

Status published

Products (14)

autodesk/advance_steel 2022 - 2022.1.2

autodesk/autocad 2022 - 2022.1.2

autodesk/autocad_architecture 2022 - 2022.1.2

autodesk/autocad_electrical 2022 - 2022.1.2

autodesk/autocad_lt 2022 - 2022.1.2

autodesk/autocad_map_3d 2022 - 2022.1.2

autodesk/autocad_mechanical 2022 - 2022.1.2

autodesk/autocad_mep 2022 - 2022.1.2

autodesk/autocad_plant_3d 2022 - 2022.1.2

autodesk/civil_3d 2022 - 2022.1.2

... and 4 more

Published Jan 25, 2022

Tracked Since Feb 18, 2026