PT-2022-11193 · Autodesk · Autodesk Inventor +1

Mat Powell · Published 2022-01-25 · Updated 2022-11-16 · CVE-2021-40158

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Autodesk Inventor versions 2019 through 2022
AutoCAD version 2022

Description

A maliciously crafted JT file may cause the software to read beyond allocated boundaries when parsing the file. This issue, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. It can be exploited to execute arbitrary code.

Recommendations

For Autodesk Inventor versions 2019 through 2022, update to a version that includes the fix for this issue. For AutoCAD version 2022, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of JT files in Autodesk Inventor and AutoCAD until a patch is available.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2021-40158
ZDI-22-281
ZDI-22-283
ZDI-22-284
ZDI-22-285
ZDI-22-286
ZDI-22-287
ZDI-22-288
ZDI-22-441
ZDI-22-443
ZDI-22-444
ZDI-22-445
ZDI-22-447
ZDI-22-448
ZDI-22-449
ZDI-22-450
ZDI-22-451
ZDI-22-452
ZDI-22-453
ZDI-22-454
ZDI-22-455
ZDI-22-466

Affected Products

AutoCAD
Autodesk Inventor