6.6
CVE-2025-4605
- EPSS 0.18%
- Veröffentlicht 11.06.2025 13:53:51
- Zuletzt bearbeitet 19.08.2025 14:15:39
- Quelle psirt@autodesk.com
- CVE-Watchlists
- Unerledigt
USD File Parsing Memory Allocation Vulnerability
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Autodesk ≫ Universal Scene Description Version0.10 SwPlatform3ds_max
Autodesk ≫ Universal Scene Description Version0.31.0 SwPlatformmaya
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.075 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.6 | 1.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
|
| psirt@autodesk.com | 6.6 | 1.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011
https://www.autodesk.com/products/autodesk-access/overview
https://github.com/Autodesk/3dsmax-usd
https://github.com/Autodesk/maya-usd