CVE-2021-40165

HIGH

Autodesk AutoCAD - Out-of-bounds Write via Malicious TIFF, PICT, TGA, or RLC File

Title source: llm

Description

A maliciously crafted TIFF, PICT, TGA, or RLC file in the Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Scores

CVSS v3: 7.8
EPSS: 0.0012
EPSS Percentile: 29.9%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-787
Status: published
Products (30):
autodesk/autocad 2019 - 2019.1.4
autodesk/autocad_advance_steel 2019 - 2019.1.4
autodesk/autocad_architecture 2019 - 2019.1.4
autodesk/autocad_civil_3d 2019 - 2019.1.4
autodesk/autocad_electrical 2019 - 2019.1.4
autodesk/autocad_lt 2019 - 2019.1.4
autodesk/autocad_lt 2020 - 2020.3.2
autodesk/autocad_map_3d 2019 - 2019.1.4
autodesk/autocad_mechanical 2019 - 2019.1.4
autodesk/autocad_mep 2019 - 2019.1.4
... and 20 more
Published: Oct 07, 2022
Tracked Since: Feb 18, 2026