Lucene search
AutodeskCVE-2021-40164HistoryOct 07, 2022 - 6:15 p.m.
CVE-2021-40164
2022-10-0718:15:14
CWE-787
autodesk
web.nvd.nist.gov
35
6
cve-2021-40164
heap-based buffer overflow
arbitrary code execution
tiff
pict
tga
rlc
nvd
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
33.4%
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Affected configurations
Node
autodeskautocadRange2019–2019.1.4
ORautodeskautocadRange2020–2020.1.5
ORautodeskautocadRange2021–2021.1.2
ORautodeskautocadRange2022–2022.1.2
ORautodeskautocad_advance_steelRange2019–2019.1.4
ORautodeskautocad_advance_steelRange2020–2020.1.5
ORautodeskautocad_advance_steelRange2021–2021.1.2
ORautodeskautocad_advance_steelRange2022–2022.1.2
ORautodeskautocad_architectureRange2019–2019.1.4
ORautodeskautocad_architectureRange2020–2020.1.5
ORautodeskautocad_architectureRange2021–2021.1.2
ORautodeskautocad_architectureRange2022–2022.1.2
ORautodeskautocad_civil_3dRange2019–2019.1.4
ORautodeskautocad_civil_3dRange2020–2020.1.5
ORautodeskautocad_civil_3dRange2021–2021.1.2
ORautodeskautocad_civil_3dRange2022–2022.1.2
ORautodeskautocad_electricalRange2019–2019.1.4
ORautodeskautocad_electricalRange2020–2020.1.5
ORautodeskautocad_electricalRange2021–2021.1.2
ORautodeskautocad_electricalRange2022–2022.1.2
ORautodeskautocad_ltRange2019–2019.1.4
ORautodeskautocad_ltRange2020–2020.1.5
ORautodeskautocad_ltRange2020–2020.3.2macos
ORautodeskautocad_ltRange2021–2021.1.2
ORautodeskautocad_ltRange2021–2021.2.2macos
ORautodeskautocad_ltRange2022–2022.1.2
ORautodeskautocad_ltRange2022–2022.2.2macos
ORautodeskautocad_map_3dRange2019–2019.1.4
ORautodeskautocad_map_3dRange2020–2020.1.5
ORautodeskautocad_map_3dRange2021–2021.1.2
ORautodeskautocad_map_3dRange2022–2022.1.2
ORautodeskautocad_mechanicalRange2019–2019.1.4
ORautodeskautocad_mechanicalRange2020–2020.1.5
ORautodeskautocad_mechanicalRange2021–2021.1.2
ORautodeskautocad_mechanicalRange2022–2022.1.2
ORautodeskautocad_mepRange2019–2019.1.4
ORautodeskautocad_mepRange2020–2020.1.5
ORautodeskautocad_mepRange2021–2021.1.2
ORautodeskautocad_mepRange2022–2022.1.2
ORautodeskautocad_plant_3dRange2019–2019.1.4
ORautodeskautocad_plant_3dRange2020–2020.1.5
ORautodeskautocad_plant_3dRange2021–2021.1.2
ORautodeskautocad_plant_3dRange2022–2022.1.2
ORautodeskdesign_reviewMatch2018-
ORautodeskdesign_reviewMatch2018hotfix
ORautodeskdesign_reviewMatch2018hotfix2
ORautodeskdesign_reviewMatch2018hotfix3
ORautodeskdwg_trueviewRange2019–2019.1.4
ORautodeskdwg_trueviewRange2020–2020.1.5
ORautodeskdwg_trueviewRange2021–2021.1.2
ORautodeskdwg_trueviewRange2022–2022.1.1
ORautodeskfusionRange2.0.10356–2.0.11405
ORautodeskinfrastructure_parts_editorRange2019–2019.2.2
ORautodeskinfrastructure_parts_editorRange2020–2020.0.2
ORautodeskinfrastructure_parts_editorMatch2021
ORautodeskinfrastructure_parts_editorMatch2022
ORautodeskinfraworksRange2019–2019.3
ORautodeskinfraworksRange2020–2020.2
ORautodeskinfraworksRange2021–2021.2
ORautodeskinfraworksMatch2019.3-
ORautodeskinfraworksMatch2019.3hotfix_1
ORautodeskinfraworksMatch2019.3hotfix_2
ORautodeskinfraworksMatch2019.3hotfix_3
ORautodeskinfraworksMatch2020.2-
ORautodeskinfraworksMatch2020.2hotfix_1
ORautodeskinfraworksMatch2020.2hotfix_2
ORautodeskinfraworksMatch2021.2-
ORautodeskinfraworksMatch2021.2hotfix_1
ORautodeskinfraworksMatch2021.2hotfix_2
ORautodeskinfraworksMatch2022.0-
ORautodeskinfraworksMatch2022.0hotfix_1
ORautodeskinfraworksMatch2022.1
ORautodeskinventorRange2019–2019.6
ORautodeskinventorRange2020–2020.5
ORautodeskinventorRange2021–2021.4
ORautodeskinventorRange2022–2022.2
ORautodesknavisworksRange2019–2019.7
ORautodesknavisworksRange2020–2020.5
ORautodesknavisworksRange2021–2021.4
ORautodesknavisworksRange2022–2022.2
ORautodeskrevitRange2019–2019.2.4
ORautodeskrevitRange2020–2020.2.6
ORautodeskrevitRange2021–2021.1.5
ORautodeskrevitMatch2022
ORautodeskstorm_and_sanitary_analysisRange2020–2020.3.1
ORautodeskstorm_and_sanitary_analysisRange2021–2021.3.1
ORautodeskstorm_and_sanitary_analysisMatch2019
ORautodeskstorm_and_sanitary_analysisMatch2022
| Vendor | Product | Version | CPE |
|---|---|---|---|
| autodesk | autocad | * | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* |
| autodesk | autocad_advance_steel | * | cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* |
| autodesk | autocad_architecture | * | cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* |
| autodesk | autocad_civil_3d | * | cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* |
| autodesk | autocad_electrical | * | cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* |
| autodesk | autocad_lt | * | cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* |
| autodesk | autocad_lt | * | cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* |
| autodesk | autocad_map_3d | * | cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* |
| autodesk | autocad_mechanical | * | cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* |
| autodesk | autocad_mep | * | cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"versions": [
{
"version": "2022, 2021, 2020, 2019",
"status": "affected"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2021-40164
2022-10-07 00:00:00
prion
prion
Heap overflow
2022-10-07 18:15:00
nvd
nvd
CVE-2021-40164
2022-10-07 18:15:14
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
33.4%
Related for CVE-2021-40164