Lucene search

[email protected]CVE-2021-40166

HistoryOct 07, 2022 - 6:15 p.m.

CVE-2021-40166

2022-10-0718:15:14

CWE-416

[email protected]

web.nvd.nist.gov

cve-2021-40166

png file

code execution

autodesk image processing

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.4%

JSON

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

Affected configurations

NVD

Node

autodeskautocadRange2019–2019.1.4

autodeskautocadRange2020–2020.1.5

autodeskautocadRange2021–2021.1.2

autodeskautocadRange2022–2022.1.2

autodeskautocad_advance_steelRange2019–2019.1.4

autodeskautocad_advance_steelRange2020–2020.1.5

autodeskautocad_advance_steelRange2021–2021.1.2

autodeskautocad_advance_steelRange2022–2022.1.2

autodeskautocad_architectureRange2019–2019.1.4

autodeskautocad_architectureRange2020–2020.1.5

autodeskautocad_architectureRange2021–2021.1.2

autodeskautocad_architectureRange2022–2022.1.2

autodeskautocad_civil_3dRange2019–2019.1.4

autodeskautocad_civil_3dRange2020–2020.1.5

autodeskautocad_civil_3dRange2021–2021.1.2

autodeskautocad_civil_3dRange2022–2022.1.2

autodeskautocad_electricalRange2019–2019.1.4

autodeskautocad_electricalRange2020–2020.1.5

autodeskautocad_electricalRange2021–2021.1.2

autodeskautocad_electricalRange2022–2022.1.2

autodeskautocad_ltRange2019–2019.1.4

autodeskautocad_ltRange2020–2020.1.5

autodeskautocad_ltRange2020–2020.3.2macos

autodeskautocad_ltRange2021–2021.1.2

autodeskautocad_ltRange2021–2021.2.2macos

autodeskautocad_ltRange2022–2022.1.2

autodeskautocad_ltRange2022–2022.2.2macos

autodeskautocad_map_3dRange2019–2019.1.4

autodeskautocad_map_3dRange2020–2020.1.5

autodeskautocad_map_3dRange2021–2021.1.2

autodeskautocad_map_3dRange2022–2022.1.2

autodeskautocad_mechanicalRange2019–2019.1.4

autodeskautocad_mechanicalRange2020–2020.1.5

autodeskautocad_mechanicalRange2021–2021.1.2

autodeskautocad_mechanicalRange2022–2022.1.2

autodeskautocad_mepRange2019–2019.1.4

autodeskautocad_mepRange2020–2020.1.5

autodeskautocad_mepRange2021–2021.1.2

autodeskautocad_mepRange2022–2022.1.2

autodeskautocad_plant_3dRange2019–2019.1.4

autodeskautocad_plant_3dRange2020–2020.1.5

autodeskautocad_plant_3dRange2021–2021.1.2

autodeskautocad_plant_3dRange2022–2022.1.2

autodeskdesign_reviewMatch2018-

autodeskdesign_reviewMatch2018hotfix

autodeskdesign_reviewMatch2018hotfix2

autodeskdesign_reviewMatch2018hotfix3

autodeskdwg_trueviewRange2019–2019.1.4

autodeskdwg_trueviewRange2020–2020.1.5

autodeskdwg_trueviewRange2021–2021.1.2

autodeskdwg_trueviewRange2022–2022.1.1

autodeskfusionRange2.0.10356–2.0.11405

autodeskinfrastructure_parts_editorRange2019–2019.2.2

autodeskinfrastructure_parts_editorRange2020–2020.0.2

autodeskinfrastructure_parts_editorMatch2021

autodeskinfrastructure_parts_editorMatch2022

autodeskinfraworksRange2019–2019.3

autodeskinfraworksRange2020–2020.2

autodeskinfraworksRange2021–2021.2

autodeskinfraworksMatch2019.3-

autodeskinfraworksMatch2019.3hotfix_1

autodeskinfraworksMatch2019.3hotfix_2

autodeskinfraworksMatch2019.3hotfix_3

autodeskinfraworksMatch2020.2-

autodeskinfraworksMatch2020.2hotfix_1

autodeskinfraworksMatch2020.2hotfix_2

autodeskinfraworksMatch2021.2-

autodeskinfraworksMatch2021.2hotfix_1

autodeskinfraworksMatch2021.2hotfix_2

autodeskinfraworksMatch2022.0-

autodeskinfraworksMatch2022.0hotfix_1

autodeskinfraworksMatch2022.1

autodeskinventorRange2019–2019.6

autodeskinventorRange2020–2020.5

autodeskinventorRange2021–2021.4

autodeskinventorRange2022–2022.2

autodesknavisworksRange2019–2019.7

autodesknavisworksRange2020–2020.5

autodesknavisworksRange2021–2021.4

autodesknavisworksRange2022–2022.2

autodeskrevitRange2019–2019.2.4

autodeskrevitRange2020–2020.2.6

autodeskrevitRange2021–2021.1.5

autodeskrevitMatch2022

autodeskstorm_and_sanitary_analysisRange2020–2020.3.1

autodeskstorm_and_sanitary_analysisRange2021–2021.3.1

autodeskstorm_and_sanitary_analysisMatch2019

autodeskstorm_and_sanitary_analysisMatch2022

CPENameOperatorVersion
autodesk:autocadautodesk autocadlt2019.1.4
autodesk:autocadautodesk autocadlt2020.1.5
autodesk:autocadautodesk autocadlt2021.1.2
autodesk:autocadautodesk autocadlt2022.1.2
autodesk:autocad_advance_steelautodesk autocad advance steellt2019.1.4
autodesk:autocad_advance_steelautodesk autocad advance steellt2020.1.5
autodesk:autocad_advance_steelautodesk autocad advance steellt2021.1.2
autodesk:autocad_advance_steelautodesk autocad advance steellt2022.1.2
autodesk:autocad_architectureautodesk autocad architecturelt2019.1.4
autodesk:autocad_architectureautodesk autocad architecturelt2020.1.5

CPE	Name	Operator	Version
autodesk:autocad	autodesk autocad	lt	2019.1.4
autodesk:autocad	autodesk autocad	lt	2020.1.5
autodesk:autocad	autodesk autocad	lt	2021.1.2
autodesk:autocad	autodesk autocad	lt	2022.1.2
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2019.1.4
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2020.1.5
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2021.1.2
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2022.1.2
autodesk:autocad_architecture	autodesk autocad architecture	lt	2019.1.4
autodesk:autocad_architecture	autodesk autocad architecture	lt	2020.1.5

Rows per page:

1-10 of 741

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
    "versions": [
      {
        "version": "2022, 2021, 2020, 2019",
        "status": "affected"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for CVE-2021-40166

nvd1 cvelist1 prion1