CVE-2021-40162

HIGH

Autodesk AutoCAD < 2019.1.4 - Out-of-Bounds Read


Description

A maliciously crafted TIF, PICT, TGA, or RLC file may force the Autodesk Image Processing component to read beyond allocated boundaries when parsing the file. This vulnerability may be exploited to execute arbitrary code.

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 29.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-125
Status published
Products (30)
autodesk/autocad 2019 - 2019.1.4
autodesk/autocad_advance_steel 2019 - 2019.1.4
autodesk/autocad_architecture 2019 - 2019.1.4
autodesk/autocad_civil_3d 2019 - 2019.1.4
autodesk/autocad_electrical 2019 - 2019.1.4
autodesk/autocad_lt 2019 - 2019.1.4
autodesk/autocad_lt 2020 - 2020.3.2
autodesk/autocad_map_3d 2019 - 2019.1.4
autodesk/autocad_mechanical 2019 - 2019.1.4
autodesk/autocad_mep 2019 - 2019.1.4
... and 20 more
Published Oct 07, 2022
Tracked Since Feb 18, 2026