CVE-2021-40166

HIGH

Autodesk AutoCAD 2019-2019.1.4 and 2020-2020.3.2 - Use-After-Free in PNG Parser

Title source: llm

Description

A maliciously crafted PNG file, when parsed by the Autodesk Image Processing component, may be used to attempt to free an object that has already been freed. This vulnerability may be exploited by attackers to execute arbitrary code.

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 29.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (30)
autodesk/autocad 2019 - 2019.1.4
autodesk/autocad_advance_steel 2019 - 2019.1.4
autodesk/autocad_architecture 2019 - 2019.1.4
autodesk/autocad_civil_3d 2019 - 2019.1.4
autodesk/autocad_electrical 2019 - 2019.1.4
autodesk/autocad_lt 2019 - 2019.1.4
autodesk/autocad_lt 2020 - 2020.3.2
autodesk/autocad_map_3d 2019 - 2019.1.4
autodesk/autocad_mechanical 2019 - 2019.1.4
autodesk/autocad_mep 2019 - 2019.1.4
... and 20 more
Published Oct 07, 2022
Tracked Since Feb 18, 2026