Boundary Reading Vulnerability in Autodesk Inventor and AutoCAD
CVE-2021-40158

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Inventor
Vendor: CVE Published:; 25 January 2022

Summary

A maliciously crafted JT file for Autodesk Inventor and AutoCAD can exploit a vulnerable parser, potentially allowing an attacker to execute arbitrary code within the context of the current process. This vulnerability arises due to improper handling of data, which allows for reading beyond the allocated memory boundaries. Consequently, this could lead to unauthorized actions or access within the application, making it crucial for users to monitor and apply security updates.

Affected Version(s)

Inventor 2022, 2021, 2020, 2019

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

https://www.zerodayinitiative.com/advisories/ZDI-22-287/

https://www.zerodayinitiative.com/advisories/ZDI-22-283/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Aug 27, 2021