7.8
CVE-2021-40156
- EPSS 0.42%
- Veröffentlicht 15.09.2021 17:15:10
- Zuletzt bearbeitet 21.11.2024 06:23:41
- Quelle psirt@autodesk.com
- CVE-Watchlists
- Unerledigt
LoginA maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Autodesk ≫ Navisworks Version2019
Autodesk ≫ Navisworks Version2020
Autodesk ≫ Navisworks Version2021
Autodesk ≫ Navisworks Version2022
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.589 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.