← Volver a CVEs
CVE-2021-40165
HIGH7.8
Descripcion
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado10/7/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
autodesk:autocadautodesk:autocad_advance_steelautodesk:autocad_architectureautodesk:autocad_civil_3dautodesk:autocad_electricalautodesk:autocad_ltautodesk:autocad_map_3dautodesk:autocad_mechanicalautodesk:autocad_mepautodesk:autocad_plant_3dautodesk:design_reviewautodesk:dwg_trueviewautodesk:fusionautodesk:infrastructure_parts_editorautodesk:infraworksautodesk:inventorautodesk:navisworksautodesk:revitautodesk:storm_and_sanitary_analysis
Debilidades (CWE)
CWE-787
Referencias
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011(psirt@autodesk.com)
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.