PT-2021-22823 · Autodesk · Autodesk Navisworks

Published

2021-09-14

Updated

2021-09-28

CVE-2021-40155

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Autodesk Navisworks versions 2019 through 2022

Description The issue arises when parsing maliciously crafted DWG files, causing the software to read beyond allocated boundaries. This can be exploited to execute arbitrary code.

Recommendations For Autodesk Navisworks versions 2019 through 2022, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of DWG files from untrusted sources until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2021-40155

ZDI-21-1060

ZDI-21-1062

Affected Products

Autodesk Navisworks

PT-2021-22823 · Autodesk · Autodesk Navisworks

CVE-2021-40155

Weakness Enumeration

Related Identifiers

Affected Products

References · 6