Movatterモバイル変換

[0]ホーム
URL:

    AUTODESK TRUST CENTER

    Autodesk security advisories

    This page contains important information regarding security vulnerabilities that could affect specific versions of Autodesk products or services.

     

    Found a vulnerability and want to report it? Learn how inAutodesk Vulnerability Disclosure Policy.

    Spotlight advisories

    ADSK-SA-2025-SHAI-HULUD-MALWARE-INCIDENT

    Bulletin: Important Information on Shai-hulud Malware Incident

    Autodesk is aware of the recent compromise involving npm packages associated by Shai-hulud malware. Autodesk has not identified a direct impact to our products or services from this compromise. Supply chain risks continue to be monitored.

    2025-09-23

    ADSK-SA-2025-QIX-SUPPLY-CHAIN-INCIDENT

    Bulletin: Important Information on Qix Supply Chain Incident

    Autodesk is aware of compromised npm packages by Qix containing malicious code targeting cryptocurrency wallets. Autodesk has not identified a direct impact to our products or services from this compromise. Supply chain risks continue to be monitored.

    2025-09-15

    Security advisories for 2025

    ADSK-SA-2025-0022

    Privilege Escalation Vulnerability in Autodesk Installer

    Autodesk Installer is affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-11-06

    ADSK-SA-2025-0021

    RFA File Parsing Vulnerability in Autodesk Revit

    Autodesk Revit is affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-09-23

    ADSK-SA-2025-0020

    Stored Cross-Site Scripting (XSS) Vulnerability in Autodesk Fusion Desktop

    Autodesk Fusion is impacted by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-09-23

    ADSK-SA-2025-0019

    PRT Vulnerability in Certain Autodesk Products

    Certain Autodesk products use a shared component that is affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-09-22

    ADSK-SA-2025-0018

    PDF File Parsing Vulnerabilities in Certain Autodesk Desktop Products

    Autodesk Revit and certain AutoCAD-based products are affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-09-16

    ADSK-SA-2025-0017

    Multiple Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based Products

    Autodesk AutoCAD and certain AutoCAD-based products are affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-08-15

    ADSK-SA-2025-0016

    Multiple Vulnerabilities in 3ds Max

    Autodesk 3ds Max is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-08-06

    ADSK-SA-2025-0015

    Multiple Vulnerabilities in Certain Autodesk Products

    Certain Autodesk products use a shared component that is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-07-28

    ADSK-SA-2025-0014

    DWG Vulnerability in Certain Autodesk Desktop Products

    Certain Autodesk products are affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-07-24

    ADSK-SA-2025-0013

    RFA Out-of-Bounds Read Vulnerability in Autodesk Revit

    Autodesk Revit is affected by this vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-07-22

    adsk-sa-2025-microsoft-sharepoint-toolshell-vulnerability

    BULLETIN: Important Information on Microsoft SharePoint ToolShell Vulnerability

    Autodesk is aware of a recently disclosed Zero-Day vulnerability found in Microsoft SharePoint Server software. Following investigation, Autodesk has confirmed it does not use the affected versions of SharePoint and there is no impact on our systems.

    2025-07-21

    ADSK-SA-2025-0012

    Multiple Vulnerabilities in Autodesk Revit

    Autodesk Revit is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-07-10

    ADSK-SA-2025-0011

    Arbitrary Memory Allocation Vulnerability in USD Plugin

    The USD (Universal Scene Description) plugin for Autodesk Maya has been affected by the vulnerability listed below. Exploitation of this vulnerability can lead to arbitrary code execution. Exploitation of this vulnerability requires user interaction.

    2025-06-11

    ADSK-SA-2025-0010

    Privilege Escalation Vulnerability in Autodesk Installer

    Autodesk Installer is affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution.

    2025-06-10

    ADSK-SA-2025-0009

    RFA File Parsing Vulnerability in Autodesk Revit

    Autodesk Revit is affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-06-02

    adsk-sa-2025-0008

    Arbitrary Security Warning on Maya via Command Port

    Autodesk is issuing this advisory to inform users of an issue involving the Maya "command port" feature, which may lead to command execution.

    2025-05-02

    ADSK-SA-2024-AUTODESK-USER-ACCOUNTS

    UPDATE to Courtesy Bulletin: Industry-wide Increase in Third-Party Threat Activity

    1/10/25 - UPDATE: Autodesk has learned that suspected threat actors, believed to be linked to the threat activity we reported on in August 2024, have recently contacted some Autodesk customer organizations in the media and entertainment industry.

    2025-01-10

    ADSK-SA-2025-GENERAL-SCAM-WARNING

    Beware of Scammers Posing as Autodesk and its Authorized Partners

    This security bulletin is a reminder to be aware of potential scams. For example, individuals or entities may falsely represent themselves as authorized Autodesk partners or as Autodesk recruiters.

    2025-01-17

    ADSK-SA-2025-0007

    RCS Vulnerability in Certain Autodesk Desktop Products

    Certain Autodesk desktop products are affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-04-15

    ADSK-SA-2025-0006

    JPG Vulnerability in Certain Autodesk Desktop Products

    Certain Autodesk desktop products are affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-04-15

    ADSK-SA-2025-0005

    DWG Vulnerability in Autodesk Revit

    Autodesk Revit is affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-04-15

    ADSK-SA-2025-0004

    DWG Vulnerability in Certain Autodesk Desktop Products

    Autodesk AutoCAD and certain Autodesk desktop products are affected by the vulnerability listed below. Exploitation of this vulnerability can lead to code execution. Exploitation of this vulnerability requires user interaction.

    2025-04-15

    ADSK-SA-2025-0003

    PDF Vulnerabilities in Certain Autodesk Desktop Products

    Certain Autodesk desktop products are affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-04-15

    ADSK-SA-2025-0002

    DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

    Autodesk Navisworks is affected by multiple DWFX vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-04-01

    adsk-sa-2025-oracle-cloud-data-breach

    BULLETIN: Important Information on Alleged Oracle Cloud Data Breach

    Recent public articles claim a threat actor breached Oracle Cloud Infrastructure sign-on systems. While the data itself is not available for review, the Autodesk domain is claimed to be part of the data in some form.

    2025-03-25

    ADSK-SA-2025-0001

    Multiple Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based Products

    Autodesk AutoCAD and certain AutoCAD-based products are affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2025-03-13

    Security advisories for 2024

    ADSK-SA-2024-CROWDSTRIKE-UPDATE

    Important update on Microsoft Windows systems impacted by CrowdStrike Update

    On July 18th, a worldwide outage of Microsoft Windows computers was caused by an update from CrowdStrike for its Falcon Sensor product which is used for endpoint protection. Per CrowdStrike, this outage is not a cyberattack.

    2024-07-19

    ADSK-SA-2024-0027

    DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

    Autodesk Navisworks is affected by multiple DWFX vulnerabilities listed below. Exploitation of these vulnerabilities may lead to code execution. Exploitation of these vulnerabilities requires user interaction.

    2024-12-17

    ADSK-SA-2024-0026

    SKP File Parsing Heap Corruption Vulnerability in Autodesk Revit

    Autodesk Revit is affected by an SKP File Parsing Heap Corruption vulnerability. Exploitation of this vulnerability requires user interaction and may lead to an application crash or arbitrary code execution.

    2024-12-09

    ADSK-SA-2024-0025

    Untrusted Search Path Vulnerability in Autodesk Revit

    Autodesk Revit is affected by an Untrusted Search Path vulnerability. Exploitation of this vulnerability requires user interaction and may lead to arbitrary code execution.

    2024-12-09

    ADSK-SA-2024-0024

    PDF File Parsing Vulnerability in Autodesk Revit

    Autodesk Revit is affected by a PDF File Parsing vulnerability. Exploitation of this vulnerability requires user interaction and can cause a crash.

    2024-12-09

    ADSK-SA-2024-0023

    Privilege Escalation Vulnerability in the Autodesk ADP Desktop SDK

    Autodesk desktop applications utilizing the Autodesk Installer have been affected by an insecure temporary file vulnerability that allows a non-admin user to escalate their privileges. Exploitation of this vulnerability can lead to code execution.

    2024-11-14

    ADSK-SA-2024-0022

    Privilege Escalation Vulnerability in Autodesk VRED Design

    Autodesk VRED Design is affected by an untrusted search path vulnerability listed below. Exploitation of this vulnerability may lead to code execution.

    2024-11-05

    ADSK-SA-2024-0021

    DWG vulnerabilities in Autodesk desktop software

    Autodesk AutoCAD and certain Autodesk desktop products are affected by Out-of-Bounds Write and Stack-based Buffer Overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

    2024-10-29

    ADSK-SA-2024-0020

    CATPART File Parsing Vulnerability in Autodesk AutoCAD and certain AutoCAD-based products

    Autodesk AutoCAD and certain AutoCAD-based products are affected by the vulnerability listed below. Exploitation of this vulnerability may lead to code execution.

    2024-10-29

    ADSK-SA-2024-0019

    Multiple vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

    Autodesk AutoCAD and certain AutoCAD-based products are affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities may lead to code execution.

    2024-10-29

    ADSK-SA-2024-0018

    PDF File Parsing Vulnerability in Revit Software

    Autodesk Revit is affected by a PDF file parsing vulnerability. Exploitation of this vulnerability requires user interaction and may lead to remote code execution.

    2024-10-15

    ADSK-SA-2024-0017

    RFA File Parsing Vulnerability in Revit Software

    Autodesk Revit is affected by a file parsing vulnerability. Exploitation of this vulnerability requires user interaction and may lead to remote code execution.

    2024-10-15

    ADSK-SA-2024-0016

    Multiple Vulnerabilities in Autodesk InfraWorks Software

    Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices.

    2024-10-02

    ADSK-SA-2024-0015

    DWF Vulnerabilities in Autodesk Navisworks Desktop Software

    Autodesk Navisworks is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities may lead to remote code execution.

    2024-09-29

    ADSK-SA-2024-0014

    DWF Vulnerability in Autodesk AutoCAD Desktop Software

    Autodesk AutoCAD and certain AutoCAD-based products are affected by an Out-of-Bounds Write vulnerability. Exploitation of this vulnerability may lead to code execution.

    2024-08-19

    ADSK-SA-2024-0013

    Stack-based Overflow Vulnerability in Revit Software

    Autodesk Revit is affected by a Stack-based Overflow vulnerability. Exploitation of this vulnerability requires user interaction and may lead to code execution.

    2024-08-20

    ADSK-SA-2024-0012

    Multiple Vulnerabilities in Autodesk® InfraWorks® software

    Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes ar

    2024-07-16

    ADSK-SA-2024-0011

    Python-based exploit in Autodesk Maya software

    A Python-based exploit has been identified in Autodesk Maya and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code. Exploitation of this vulnera

    2024-06-17

    ADSK-SA-2024-0010

    Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

    Autodesk AutoCAD and certain AutoCAD-based products are affected by Out-of-Bounds Write, Out-of-Bounds Read, Heap-based Overflow, Use-After-Free, Memory Corruption, and Uninitialized Variable vulnerabilities. Exploitation of

    2024-06-17

    ADSK-SA-2024-0009

    Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

    Autodesk AutoCAD and certain AutoCAD-based products are being affected by Out-of-Bounds Write, Out-of-Bounds Read, Heap based Overflow, Stack-based Overflow, Use-After-Free, Memory Corruption, Double Free, and Uninitialized

    2024-05-31

    ADSK-SA-2024-0008

    Vulnerabilities in Autodesk InfraWorks software

    Autodesk’s InfraWorks has been affected by third-party component vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service to the software and user devices.

    2024-05-15

    ADSK-SA-2024-0007

    XZ Utils Backdoor Vulnerability CVE-2024-3094

    Autodesk is aware of the XZ security vulnerabilities. Refer to our security advisory for a comprehensive list of potentially impacted Autodesk products and services, along with our current recommendations.

    2024-04-08

    ADSK-SA-2024-0006

    Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software

    Autodesk DWG TrueView product has been affected by Stack-based Overflow vulnerability.

    2024-03-14

    ADSK-SA-2024-0005

    ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software

    Applications and services utilizing the Autodesk FBX Review software have been affected by an Out-Of-Bounds Write vulnerability. Exploitation of these vulnerabilities may lead to code execution.

    2024-03-14

    ADSK-SA-2024-0004

    Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

    Autodesk AutoCAD and certain AutoCAD-based products may be affected by Out-of-Bounds write, Stack-based Overflow, Heap based Overflow, Use-After-Free, Memory Corruption, Untrusted Pointer Dereference, Heap-based Buffer Overf

    2024-02-29

    ADSK-SA-2024-0003

    TinyXML Vulnerability in Autodesk Desktop Licensing Service

    Autodesk Desktop Licensing Service has been affected by a reachable assertion vulnerability detailed below. Exploitation of this vulnerability could lead to denial of service due to multiple assertions.

    2024-02-22

    ADSK-SA-2024-0002

    ZDI reported security vulnerabilities in the Autodesk AutoCAD Desktop Software

    ZDI published zero-day vulnerabilities on February 12th for versions of Autodesk AutoCAD products. Fixes for these vulnerabilities will be issued for affected versions of AutoCAD in an upcoming release. Please note, this adv

    2024-02-14

    ADSK-SA-2024-0001

    Multiple Vulnerabilities in Autodesk® InfraWorks® software

    Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes ar

    2024-01-31

    Security advisories for 2023

    ADSK-SA-2023-0025

    Out-of-Bounds Write Vulnerability in Autodesk FBX SDK

    Autodesk FBX SDK is affected by an Out-of-Bounds Write vulnerability. Exploitation of this vulnerability may lead to code execution. Exploitation of this vulnerability requires user interaction.

    2024-12-09

    ADSK-SA-2023-0024

    Multiple Vulnerabilities in Autodesk® InfoWorks® software

    Autodesk InfoWorks WS Pro and InfoWorks ICM have been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial of service to the software and

    2023-12-22

    ADSK-SA-2023-0023

    Vulnerabilities in Autodesk Infrastructure Parts Editor Software

    Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.

    2023-12-05

    ADSK-SA-2023-0022

    Multiple Vulnerabilities in Autodesk Desktop Licensing Service

    Autodesk Desktop Licensing Service has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.

    2023-11-27

    ADSK-SA-2023-0021

    Revocation of Autodesk code signing certificate in the Autodesk AutoCAD Desktop Software

    Autodesk has revoked the certificate on August 5th for all software code signed after July 10, 2022 (00:00 GMT). Autodesk has issued updates signed using a new digital certificate for AutoCAD-based products. Please note, onl

    2023-11-15

    ADSK-SA-2023-0020

    Access Control Vulnerability in the Autodesk Customer Portal

    This advisory is about access to support case data via the Autodesk Customer Portal for all Autodesk products.

    2023-10-19

    ADSK-SA-2023-0019

    LibXml2 Vulnerability in the Autodesk Civil 3D Software

    Applications and services utilizing Autodesk Civil 3D have been affected by a LibXml2 vulnerability.

    2023-08-29

    ADSK-SA-2023-0018

    Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

    Autodesk AutoCAD and certain AutoCAD-based products have been affected by Out-of-Bounds Write, Heap-based Buffer Overflow, Untrusted Pointer Dereference, and Memory Corruption vulnerabilities.

    2023-08-24

    ADSK-SA-2023-0017

    Vulnerabilities in the PSKernel component used by specific Autodesk products

    Autodesk® applications and services that utilize the PSKernel Component may be affected by Out-of-Bounds Read, Integer Overflow and Memory Corruption Write vulnerabilities. Exploitation of these vulnerabilities may lead to c

    2023-07-27

    ADSK-SA-2023-0016

    Memory Corruption Vulnerability in the Autodesk FeatureCAM Software

    Autodesk FeatureCAM software has been affected by Memory Corruption vulnerabilities. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service. Autodesk

    2023-06-23

    ADSK-SA-2023-0015

    Multiple Vulnerabilities in Autodesk Material Management component used by Autodesk products

    Autodesk products leveraging internal components, Autodesk Material Management, and those implicitly importing vulnerable versions expat and libcurl may be impacted by Out-of-bound Write, User-After-Free, Information Disclos

    2023-06-23

    ADSK-SA-2023-0014

    SQLite Vulnerability in the Autodesk Civil3D Software

    Applications and services utilizing Autodesk Civil3D have been affected by an SQLite vulnerability.

    2023-06-20

    ADSK-SA-2023-0013

    Privilege Escalation Vulnerability in the Autodesk® Desktop Connector Software

    Applications and services utilizing the Autodesk Desktop Connector have been affected by a Privilege Escalation vulnerability.

    2023-06-19

    ADSK-SA-2023-0012

    Multiple Vulnerabilities in Autodesk® InfraWorks software

    Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes ar

    2023-06-14

    ADSK-SA-2023-0011

    Heap-based buffer over-read in Autodesk® Desktop Licensing Service

    Autodesk® Desktop Licensing Installer has been affected by privilege escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.

    2023-06-12

    ADSK-SA-2023-0010

    Privilege Escalation Vulnerability in the Autodesk® Installer Software

    Applications and services utilizing the Autodesk installer have been affected by a Privilege Escalation vulnerability.

    2023-04-25

    ADSK-SA-2023-0009

    Multiple Vulnerabilities in PSKernel component used by specific Autodesk® products

    Multiple Autodesk products have been affected by out-of-bound-read, out-of-bound-write, Integer Overflow, and Memory Corruption vulnerabilities.

    2023-04-23

    ADSK-SA-2023-0008

    Vulnerabilities in the Autodesk® 3ds Max® USD plugin

    USD (Universal Scene Description) plugin for Autodesk® 3ds Max® has been affected by file-parsing uninitialized variable, use-after-free, out-of-bounds read, and out-of-bounds write vulnerabilities.

    2023-04-27

    ADSK-SA-2023-0007

    Multiple Vulnerabilities in Autodesk® InfraWorks® Software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes

    2023-04-17

    ADSK-SA-2023-0006

    Use-After-Free Vulnerability in Autodesk® InfraWorks® Software

    Applications and services utilizing Autodesk InfraWorks have been affected by a use-after-free vulnerability. The exploitation of these vulnerabilities may lead to code execution. Hotfixes are available in the Autodesk Deskt

    2023-04-17

    ADSK-SA-2023-0005

    Multiple Vulnerabilities in the Autodesk® AutoCAD® Desktop Software

    Multiple Autodesk® AutoCAD® and AutoCAD-based products have been affected by Out-of-Bounds Read, Integer Overflow, Stack Buffer Overflow, Memory Corruption Read, and Memory Corruption Write vulnerabilities.

    2023-04-06

    ADSK-SA-2023-0004

    Multiple Vulnerabilities in the Autodesk® FBX® SDK software

    Applications and services utilizing the Autodesk® FBX® SDK software have been affected by an Out-Of-Bounds Write and Stack Buffer Overflow vulnerabilities. Exploitation of these vulnerabilities may lead to information disclo

    2023-03-29

    ADSK-SA-2023-0003

    Vulnerabilities for Autodesk® Maya® USD plugin

    USD (Universal Scene Description) plugin for Autodesk® Maya® has been affected by a file uninitialized variable, out-of-bounds read, and out-of-bounds write vulnerabilities.

    2023-03-29

    ADSK-SA-2023-0002

    Use After Free Vulnerability in SKP component used by the Autodesk® products

    Applications and services that utilize Sketchup components used by Autodesk products may be impacted by Use-after-free vulnerability.

    2023-03-25

    Security advisories for 2022

    ADSK-SA-2022-0025

    Vulnerabilities in Autodesk Image Processing component used by Autodesk products II

    Applications and services that utilize Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap-based Overflow, Out-of-bound Write, Memory corruption, and Use-after-free vulnerabilities

    2022-12-14

    ADSK-SA-2022-0024

    DLL Search Order Hijacking Vulnerability in the DWG TrueView™ Desktop Software

    DWG TrueView™ product has been affected by a Search Order Hijacking vulnerability.

    2022-11-15

    ADSK-SA-2022-0023

    Vulnerabilities in Zlib component used by Autodesk ® products

    Autodesk products leveraging the third-party component Zlib, and those implicitly importing vulnerable versions of Zlib, may be impacted by Out-of-bound Write vulnerability.

    2022-09-23

    ADSK-SA-2022-0022

    Multiple Vulnerabilities in the Autodesk® FBX® SDK software

    Applications and services utilizing the Autodesk® FBX® SDK software have been affected by an Out-Of-Bounds Read, Out-Of-Bounds Write, and Use-After-Free vulnerabilities. Exploitation of these vulnerabilities may lead to code

    2022-09-14

    ADSK-SA-2022-0021

    Multiple Vulnerabilities in the Autodesk® Design Review, Autodesk® Advance Steel, Autodesk® Civil 3D® and AutoCAD® Desktop software

    Applications and Services that utilize Autodesk Design Review and AutoCAD products may be affected by Heap Based Overflow and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to remote code

    2022-09-22

    ADSK-SA-2022-0020

    Multiple Vulnerabilities in the Autodesk® AutoCAD® and Maya® Desktop Software

    Multiple Autodesk AutoCAD, AutoCAD-based products, and Maya have been affected by Out-of-bound Read, Out-of-bound Write, Use of Uninitialized Variable, Heap based Buffer Overflow, and Memory Corruption vulnerabilities.

    2022-09-22

    ADSK-SA-2022-0017

    Vulnerabilities in Autodesk Material Management component used by Autodesk ® products

    Autodesk products leveraging internal components, Autodesk Material Management and thus implicitly importing vulnerable versions expat and libcurl may be impacted by Out-of-bound Read, User-After-Free, NULL Pointer Dereferen

    2022-07-28

    ADSK-SA-2022-0016

    OpenSSL Vulnerability component used by Autodesk ® products

    Autodesk products and dependent application, services using OpenSSL component may be impacted by Loop with Unreachable Exit Condition ('Infinite Loop') vulnerabilities. Exploitation of these vulnerabilities may lead to code

    2022-07-28

    ADSK-SA-2022-0015

    Vulnerabilities in the Autodesk® desktop app (ADA)

    Autodesk® desktop app (ADA) product have been affected by Improper Privilege Management vulnerability detailed below. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service to the software

    2022-07-22

    ADSK-SA-2022-0014

    PRT Vulnerabilities in the Autodesk® AutoCAD® Desktop Software

    Multiple Autodesk products have been affected by Out-of-bound Read vulnerability.

    2022-07-14

    ADSK-SA-2022-0013

    XML External Entities (XXE) Vulnerabilities in Autodesk® Fusion360® software

    Autodesk® Fusion 360® has been affected by XML External Entities (XXE) vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user

    2022-06-13

    ADSK-SA-2022-0012

    Multiple Vulnerabilities in Autodesk® InfraWorks® software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes

    2022-06-03

    ADSK-SA-2022-0011

    Heap-based Buffer Overflow and Untrusted Pointer Dereference Vulnerabilities in the PDFTron component used by Autodesk products

    Applications and Services that utilize versions of PDFTron prior to 9.1.17 may be impacted by Heap-based Buffer Overflow, and Untrusted Pointer Dereference vulnerabilities.

    2022-05-25

    ADSK-SA-2022-0010

    Multiple TIF Vulnerabilities in the Autodesk® 3ds Max® Desktop software

    Applications and services that utilize Autodesk 3ds Max may be affected by Out-of-bound Read/Write vulnerabilities. Exploitation of these vulnerabilities may lead to remote code execution.

    2022-05-04

    ADSK-SA-2022-0009

    Multiple Vulnerabilities in the Autodesk® Design Review software

    Applications and Services that utilize Autodesk Design Review may be affected by Double Free, and Out-of-bound Read/Write vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution.

    2022-04-28

    ADSK-SA-2022-0008

    Multiple Vulnerabilities in the Autodesk® Infraworks software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes

    2022-04-20

    ADSK-SA-2022-0007

    PDF and DWG Vulnerabilities in the Autodesk® AutoCAD® Desktop software

    Applications and Services that utilize certain Autodesk products are affected by Out-of-bounds Read, Out-of-bounds Write, untrusted pointer Dereference, and memory corruption vulnerabilities. Exploitation of these vulnerabil

    2022-02-28

    ADSK-SA-2022-0006

    ActionScript Byte Code “ABC” Vulnerabilities in the Autodesk® FBX® Review and Autodesk® 3ds Max® software

    Applications and services utilizing the Autodesk FBX Review have been affected by an Out-Of-Bounds Read vulnerability. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service.

    2022-02-28

    ADSK-SA-2022-0005

    DWF Vulnerabilities in the Autodesk® AutoCAD® Desktop Software

    Multiple Autodesk products have been affected by Use After Free, Out-of-bound-write, Stack-based Buffer, Memory Corruption, and Buffer Overflow vulnerabilities.

    2022-02-28

    ADSK-SA-2022-0004

    Multiple Vulnerabilities in the Autodesk® Design Review, Autodesk® Advance Steel, Autodesk® Civil 3D® and AutoCAD® Desktop software

    Applications and services that utilize Autodesk Design Review, Advance Steel, Civil 3D® and AutoCAD products may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, and Type Confusion vulnerab

    2022-01-14

    ADSK-SA-2022-0003

    Log4net Vulnerabilities in the .NET based Autodesk Products

    Applications and Services that utilize the Log4net.dll earlier than 2.0.10 version can be impacted by Improper Restriction of XML External Entity Reference ('XXE') vulnerabilities.

    2022-01-12

    ADSK-SA-2022-0002

    JT Vulnerabilities in Autodesk® Inventor® and Autodesk® Advance Steel, Autodesk® Civil 3D® and AutoCAD® Desktop software

    Applications and Services that utilize certain Autodesk products may be affected by Out-of-bounds Read, Out-of-bounds Write, and Information disclosure vulnerabilities. Exploitation of these vulnerabilities in conjunction wi

    2022-01-12

    ADSK-SA-2022-0001

    Multiple Vulnerabilities in Autodesk® InfraWorks® software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes

    2022-01-13

    Security advisories for 2016-2021

    ADSK-SA-2021-0012

    Apache Log4j Vulnerabilities: Impact on Autodesk Products

    Autodesk is aware of the Apache Log4j security vulnerabilities. Refer to the products and services list in the security advisory for the remediation status.

    2021-12-23

    ADSK-SA-2021-0011

    Vulnerabilities in Autodesk Image Processing component used by Autodesk products

    Applications and Services that utilize Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap based Overflow, Out-of-bound Write, Memory corruption, and Use-after-free vulnerabilities

    2021-12-06

    ADSK-SA-2021-0010

    Vulnerabilities in the PDFTron component used by Autodesk products

    Applications and Services that utilize versions of PDFTron prior to 9.0.7 may be impacted by out-of-bound read and memory corruption vulnerabilities.

    2021-12-06

    ADSK-SA-2021-0009

    DWG Vulnerabilities in the Autodesk® Navisworks Desktop software

    Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read and Out-of-bounds Write vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.

    2021-09-13

    ADSK-SA-2021-0008

    PDF Vulnerabilities in the Autodesk® Navisworks Desktop software

    Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read, Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.

    2021-09-13

    ADSK-SA-2021-0007

    Vulnerabilities in Autodesk® Infrastructure Parts Editor software

    Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.

    2021-08-31

    ADSK-SA-2021-0006

    MAXScript exploit "MSCPROP.DLL" in Autodesk® 3ds Max® software

    A variant of a MAXScript exploit "MSCPROP.DLL" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.

    2021-07-15

    ADSK-SA-2021-0005

    Vulnerabilities in Autodesk® InfraWorks software

    Autodesk® InfraWorks has been affected by multiple vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service to the software and user devices.

    2021-06-18

    ADSK-SA-2021-0004

    Vulnerabilities in the Autodesk® AutoCAD® family of products

    Applications and Services that utilize Autodesk AutoCAD products are affected by Out-of-bound Read, Out-of-bound Write, and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to arbitrary cod

    2021-06-17

    ADSK-SA-2021-0003

    Vulnerabilities in the Autodesk® Design Review software

    Applications and Services that utilize Autodesk Design Review may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, Type Confusion, and Uninitialized Variable vulnerabilities. Exploitation o

    2021-06-14

    ADSK-SA-2021-0002

    Privilege Escalation Vulnerabilities in Autodesk® Licensing Service

    Autodesk® Desktop Licensing Installer has been affected by Privilege Escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.

    2021-06-14

    ADSK-SA-2021-0001

    Vulnerabilities in the Autodesk® FBX Review software

    Applications and Services that utilize the Autodesk FBX Review have been affected by Use-After-Free, Memory Corruption, Out-Of-Bounds Read, Untrusted Pointer Dereference, and Directory Traversal vulnerabilities. Exploitation

    2021-04-15

    ADSK-SA-2020-0006

    Use-After-Free and XML Entity Expansion Vulnerabilities in Autodesk® InfraWorks

    Autodesk® InfraWorks has been affected by Use-After-Free and XML Entity Expansion vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.

    2024-10-30

    ADSK-SA-2020-0005

    MAXScript exploit "PhysXPluginMfx" in Autodesk® 3ds Max® software

    A variant of a MAXScript exploit "PhysXPluginMfx" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.

    2020-10-08

    ADSK-SA-2020-0004

    Vulnerabilities in Autodesk® InfraWorks

    Autodesk InfraWorks has been affected by heap overflow, code injection, out-of-bounds read, and stack-based buffer overflow vulnerabilities in the libcurl component.

    2020-06-25

    ADSK-SA-2020-0003

    Script exploit in Autodesk® Maya

    A third-party malicious script was identified and a fix has been made available. The script can execute malicious code that can corrupt the Maya environment, cause data loss and instability, as well as spread to other system

    2020-05-20

    ADSK-SA-2020-0002

    Vulnerabilities in the Autodesk® FBX Software Development Kit

    Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.

    2020-04-15

    ADSK-SA-2020-0001

    Improper Signature Validation Vulnerability in Autodesk® Dynamo BIM

    Autodesk® Dynamo BIM is affected by an improper signature validation vulnerability which may lead to code execution through maliciously crafted DLL files.

    2020-04-01

    ADSK-SA-2019-0005

    MAXScript exploit in Autodesk® 3ds Max

    A variant of a MAXScript exploit was identified and a fix has been made available. The exploit can execute malicious code that can corrupt the 3ds Max environment, cause data loss and instability, as well as spread to other systems.

    2020-01-09

    ADSK-SA-2019-0004

    Vulnerability in the Autodesk® Desktop Application

    Autodesk Desktop Application is affected by a DLL preloading vulnerability.

    2019-11-29

    ADSK-SA-2019-0003

    Vulnerability in the Autodesk® FBX Software Development Kit

    FBX is affected by a buffer overflow vulnerability which may lead to arbitrary code execution on a system running it.

    2019-10-30

    ADSK-SA-2019-0002

    Vulnerabilities in Autodesk® AutoCAD and Design Review Products

    Multiple Autodesk products have been affected by DLL preloading and use-after-free vulnerabilities.

    2019-08-16

    ADSK-SA-2019-0001

    Vulnerabilities in the Autodesk® AutoCAD Products

    Multiple Autodesk® AutoCAD® products have been affected by heap overflow, use-after-free, and deserialization vulnerabilities.

    2019-02-14

    ADSK-SA-2017-001

    Denial of Service Vulnerabilities in the Autodesk Backburner Rendering Management Software

    The Autodesk® Backburner 2016 service command line interface accepts a set of remote telnet commands. When insufficient number of arguments are passed, it fails to handle a specific command request which results in an unhandled Null Dereference...

    2017-02-17

    ADSK-SA-2016-02

    Vulnerabilities in Autodesk® Design Review 2013

    Vulnerabilities were identified in the Autodesk® Design Review 2013 application that can result in arbitrary and unauthorized remote code execution.

    2016-12-14

    ADSK-SA-2016-01

    Vulnerabilities in the Autodesk FBX Software Development Kit

    Applications and Services that utilize the Autodesk® FBX-SDK Ver. 2017.0 or earlier for processing FBX, DXF, DAE and 3DS formatted files can be impacted by vulnerabilities related to improper memory allocation when opening malformed files.

    2016-05-12

    Help us stay secure

    Need help?

    Browse answers to your questions or contact an agent for assistance.

    Use genuine Autodesk Licenses

    Avoid software failure, increased exposure to malware, and associated risks by using genuine Autodesk software. Visit Autodesk Genuine to learn more.

    [8]ページ先頭
    ©2009-2025 Movatter.jp