CVE-2021-40156 — Out-of-bounds Write in Navisworks

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 38.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Navisworks

Timeline

PublishedSep 15

Latest updateMay 24

Description

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDautodesk/navisworks4 versions+3

🔴Vulnerability Details

GHSA

GHSA-7qg6-74r3-86w6: A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG f↗2022-05-24

▶

CVEList

CVE-2021-40156: A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG f↗2021-09-15

▶