Vulnerabilities > Autodesk > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-41139 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autodesk products
A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer.
local
low complexity
autodesk CWE-119
7.8
2023-11-23 CVE-2023-41140 Out-of-bounds Write vulnerability in Autodesk products
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow.
local
low complexity
autodesk CWE-787
7.8
2023-11-22 CVE-2023-29069 Uncontrolled Search Path Element vulnerability in Autodesk Desktop Connector
A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs.
local
low complexity
autodesk CWE-427
7.8
2023-06-27 CVE-2023-25001 Use After Free vulnerability in Autodesk Navisworks 2022/2023
A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability.
local
low complexity
autodesk CWE-416
7.8
2023-06-27 CVE-2023-25002 Use After Free vulnerability in Autodesk products
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability.
local
low complexity
autodesk CWE-416
7.8
2023-06-27 CVE-2023-25004 Integer Overflow or Wraparound vulnerability in Autodesk products
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities.
local
low complexity
autodesk CWE-190
7.8
2023-06-27 CVE-2023-29068 Out-of-bounds Write vulnerability in Autodesk products
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities.
local
low complexity
autodesk CWE-787
7.8
2023-06-23 CVE-2023-27908 Uncontrolled Search Path Element vulnerability in Autodesk Installer
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
local
low complexity
autodesk CWE-427
7.8
2023-06-23 CVE-2023-25003 Out-of-bounds Write vulnerability in Autodesk products
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities.
local
low complexity
autodesk CWE-787
7.8
2023-05-12 CVE-2023-25005 Uncontrolled Search Path Element vulnerability in Autodesk Infraworks
A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.
local
low complexity
autodesk CWE-427
7.8