CVE-2021-40166

EPSS 0.12%
Veröffentlicht 07.10.2022 18:15:14
Zuletzt bearbeitet 21.11.2024 06:23:42
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Autocad Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Advance Steel Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Advance Steel Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Advance Steel Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Advance Steel Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Architecture Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Architecture Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Architecture Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Architecture Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Civil 3d Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Civil 3d Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Civil 3d Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Civil 3d Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Electrical Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Electrical Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Electrical Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Electrical Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Lt Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Lt Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Lt SwPlatformmacos Version >= 2020 < 2020.3.2

Autodesk ≫ Autocad Lt Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Lt SwPlatformmacos Version >= 2021 < 2021.2.2

Autodesk ≫ Autocad Lt Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Lt SwPlatformmacos Version >= 2022 < 2022.2.2

Autodesk ≫ Autocad Map 3d Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Map 3d Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Map 3d Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Map 3d Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Mechanical Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Mechanical Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Mechanical Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Mechanical Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Mep Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Mep Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Mep Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Mep Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Plant 3d Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Plant 3d Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Plant 3d Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Plant 3d Version >= 2022 < 2022.1.2

Autodesk ≫ Design Review Version2018 Update-

Autodesk ≫ Design Review Version2018 Updatehotfix

Autodesk ≫ Design Review Version2018 Updatehotfix2

Autodesk ≫ Design Review Version2018 Updatehotfix3

Autodesk ≫ Dwg Trueview Version >= 2019 < 2019.1.4

Autodesk ≫ Dwg Trueview Version >= 2020 < 2020.1.5

Autodesk ≫ Dwg Trueview Version >= 2021 < 2021.1.2

Autodesk ≫ Dwg Trueview Version >= 2022 < 2022.1.1

Autodesk ≫ Fusion Version >= 2.0.10356 < 2.0.11405

Autodesk ≫ Infrastructure Parts Editor Version >= 2019 < 2019.2.2

Autodesk ≫ Infrastructure Parts Editor Version >= 2020 < 2020.0.2

Autodesk ≫ Infrastructure Parts Editor Version2021

Autodesk ≫ Infrastructure Parts Editor Version2022

Autodesk ≫ Infraworks Version >= 2019 < 2019.3

Autodesk ≫ Infraworks Version >= 2020 < 2020.2

Autodesk ≫ Infraworks Version >= 2021 < 2021.2

Autodesk ≫ Infraworks Version2019.3 Update-

Autodesk ≫ Infraworks Version2019.3 Updatehotfix_1

Autodesk ≫ Infraworks Version2019.3 Updatehotfix_2

Autodesk ≫ Infraworks Version2019.3 Updatehotfix_3

Autodesk ≫ Infraworks Version2020.2 Update-

Autodesk ≫ Infraworks Version2020.2 Updatehotfix_1

Autodesk ≫ Infraworks Version2020.2 Updatehotfix_2

Autodesk ≫ Infraworks Version2021.2 Update-

Autodesk ≫ Infraworks Version2021.2 Updatehotfix_1

Autodesk ≫ Infraworks Version2021.2 Updatehotfix_2

Autodesk ≫ Infraworks Version2022.0 Update-

Autodesk ≫ Infraworks Version2022.0 Updatehotfix_1

Autodesk ≫ Infraworks Version2022.1

Autodesk ≫ Inventor Version >= 2019 < 2019.6

Autodesk ≫ Inventor Version >= 2020 < 2020.5

Autodesk ≫ Inventor Version >= 2021 < 2021.4

Autodesk ≫ Inventor Version >= 2022 < 2022.2

Autodesk ≫ Navisworks Version >= 2019 < 2019.7

Autodesk ≫ Navisworks Version >= 2020 < 2020.5

Autodesk ≫ Navisworks Version >= 2021 < 2021.4

Autodesk ≫ Navisworks Version >= 2022 < 2022.2

Autodesk ≫ Revit Version >= 2019 < 2019.2.4

Autodesk ≫ Revit Version >= 2020 < 2020.2.6

Autodesk ≫ Revit Version >= 2021 < 2021.1.5

Autodesk ≫ Revit Version2022

Autodesk ≫ Storm And Sanitary Analysis Version >= 2020 < 2020.3.1

Autodesk ≫ Storm And Sanitary Analysis Version >= 2021 < 2021.3.1

Autodesk ≫ Storm And Sanitary Analysis Version2019

Autodesk ≫ Storm And Sanitary Analysis Version2022

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.311

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-40166

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40166

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40166

EUVD