CVE-2021-40166

HIGH

Autodesk AutoCAD < 2019.1.4 - Use After Free

Title source: rule

Description

A maliciously crafted PNG file may cause the Autodesk Image Processing component to attempt to free an object that has already been freed while parsing the file. This vulnerability may be exploited by attackers to execute arbitrary code.

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 30.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-416
Status published

Affected Products (41)

autodesk/autocad < 2019.1.4
autodesk/autocad_advance_steel < 2019.1.4
autodesk/autocad_architecture < 2019.1.4
autodesk/autocad_civil_3d < 2019.1.4
autodesk/autocad_electrical < 2019.1.4
autodesk/autocad_lt < 2019.1.4
autodesk/autocad_lt < 2020.3.2
autodesk/autocad_map_3d < 2019.1.4
autodesk/autocad_mechanical < 2019.1.4
autodesk/autocad_mep < 2019.1.4
autodesk/autocad_plant_3d < 2019.1.4
autodesk/design_review
autodesk/design_review
autodesk/design_review
autodesk/design_review
... and 26 more

Timeline

Published Oct 07, 2022
Tracked Since Feb 18, 2026