7.8

CVE-2021-40161

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AutodeskRevit Version < 2020.2.5
AutodeskRevit Version >= 2021 < 2021.1.6
AutodeskRevit Version >= 2022 < 2022.1.2
AutodeskNavisworks Version < 2019.6
AutodeskNavisworks Version >= 2020 < 2020.4
AutodeskNavisworks Version >= 2021 < 2021.3
AutodeskNavisworks Version >= 2022 < 2022.2
AutodeskAdvance Steel Version < 2019.1.4
AutodeskAdvance Steel Version >= 2020 < 2020.1.5
AutodeskAdvance Steel Version >= 2021 < 2021.1.2
AutodeskAdvance Steel Version >= 2022 < 2022.1.2
AutodeskAutocad Version < 2019.1.4
AutodeskAutocad Version >= 2020 < 2020.1.5
AutodeskAutocad Version >= 2021 < 2021.1.2
AutodeskAutocad Version >= 2022 < 2022.1.2
AutodeskAutocad Architecture Version < 2019.1.4
AutodeskAutocad Architecture Version >= 2020 < 2020.1.5
AutodeskAutocad Architecture Version >= 2021 < 2021.1.2
AutodeskAutocad Architecture Version >= 2022 < 2022.1.2
AutodeskAutocad Electrical Version < 2019.1.4
AutodeskAutocad Electrical Version >= 2020 < 2020.1.5
AutodeskAutocad Electrical Version >= 2021 < 2021.1.2
AutodeskAutocad Electrical Version >= 2022 < 2022.1.2
AutodeskAutocad Map 3d Version < 2019.1.4
AutodeskAutocad Map 3d Version >= 2020 < 2020.1.5
AutodeskAutocad Map 3d Version >= 2021 < 2021.1.2
AutodeskAutocad Map 3d Version >= 2022 < 2022.1.2
AutodeskAutocad Mechanical Version < 2019.1.4
AutodeskAutocad Mechanical Version >= 2020 < 2020.1.5
AutodeskAutocad Mechanical Version >= 2021 < 2021.1.2
AutodeskAutocad Mechanical Version >= 2022 < 2022.1.2
AutodeskAutocad Mep Version < 2019.1.4
AutodeskAutocad Mep Version >= 2020 < 2020.1.5
AutodeskAutocad Mep Version >= 2021 < 2021.1.2
AutodeskAutocad Mep Version >= 2022 < 2022.1.2
AutodeskAutocad Plant 3d Version < 2019.1.4
AutodeskAutocad Plant 3d Version >= 2020 < 2020.1.5
AutodeskAutocad Plant 3d Version >= 2021 < 2021.1.2
AutodeskAutocad Plant 3d Version >= 2022 < 2022.1.2
AutodeskAutocad Lt Version < 2019.1.4
AutodeskAutocad Lt Version >= 2020 < 2020.1.5
AutodeskAutocad Lt Version >= 2021 < 2021.1.2
AutodeskAutocad Lt Version >= 2022 < 2022.1.2
AutodeskCivil 3d Version < 2019.1.4
AutodeskCivil 3d Version >= 2020 < 2020.1.5
AutodeskCivil 3d Version >= 2021 < 2021.1.2
AutodeskCivil 3d Version >= 2022 < 2022.1.2
AutodeskAutocad SwPlatformmacos Version > 2022 < 2022.2
AutodeskAutocad Version2020 SwPlatformmacos
AutodeskAutocad Version2021 SwPlatformmacos
AutodeskAutocad Version2022 SwPlatformmacos
AutodeskAutocad Lt SwPlatformmacos Version >= 2022 < 2022.2
AutodeskAutocad Lt Version2020 SwPlatformmacos
AutodeskAutocad Lt Version2021 SwPlatformmacos
AutodeskDesign Review Version2018 Update-
AutodeskDesign Review Version2018 Updatehotfix
AutodeskDesign Review Version2018 Updatehotfix2
AutodeskDesign Review Version2018 Updatehotfix3
AutodeskDesign Review Version2018 Updatehotfix4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.44% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010
Patch
Vendor Advisory