Autodesk 3Ds Max vulnerabilities
19 known vulnerabilities affecting autodesk/3ds_max.
Total CVEs: 19
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 17, MEDIUM: 1
Vulnerabilities
CVE-2026-0536 | HIGH | CVSS 7.8 | ≥ 2026, < 2026.3.2 | 2026-02-04
CVE-2026-0536 [HIGH] CWE-787
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2026-0537 | HIGH | CVSS 8.4 | ≥ 2026, < 2026.3.2 | 2026-02-04
CVE-2026-0537 [HIGH] CWE-787
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2026-0662 | HIGH | CVSS 7.8 | ≥ 2026, < 2026.3.2 | 2026-02-04
CVE-2026-0662 [HIGH] CWE-426
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
cvelistv5, nvd
CVE-2026-0538 | HIGH | CVSS 8.4 | ≥ 2026, < 2026.3.2 | 2026-02-04
CVE-2026-0538 [HIGH] CWE-787
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2026-0660 | HIGH | CVSS 8.4 | ≥ 2026, < 2026.3.2 | 2026-02-04
CVE-2026-0660 [HIGH] CWE-121
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2026-0661 | HIGH | CVSS 8.4 | ≥ 2026, < 2026.3.2 | 2026-02-04
CVE-2026-0661 [HIGH] CWE-787
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2026-0659 | HIGH | CVSS 7.8 | ≥ 2026.2, < 2026.3.2 | 2026-02-04
CVE-2026-0659 [HIGH] CWE-787
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2025-11795 | HIGH | CVSS 7.8 | ≥ 2026, < 2026.3 | 2025-11-12
CVE-2025-11795 [HIGH] CWE-787
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2025-11797 | HIGH | CVSS 7.8 | ≥ 2026, < 2026.3 | 2025-11-12
CVE-2025-11797 [HIGH] CWE-416
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2025-6633 | HIGH | CVSS 7.8 | ≥ 2026, < 2026.2 | 2025-08-06
CVE-2025-6633 [HIGH] CWE-787
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2025-6634 | HIGH | CVSS 7.8 | ≥ 2026, < 2026.2 | 2025-08-06
CVE-2025-6634 [HIGH] CWE-120
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2025-6632 | HIGH | CVSS 7.8 | ≥ 2026, < 2026.2 | 2025-08-06
CVE-2025-6632 [MEDIUM] CWE-125
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5, nvd
CVE-2023-25002 | HIGH | CVSS 7.8 | v2022, v2023 | 2023-06-27
CVE-2023-25002 [HIGH] CWE-416
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
nvd
CVE-2022-25793 | HIGH | CVSS 7.8 | ≥ 2020, < 2020.3.6; ≥ 2021, < 2021.3.10; +1 more | 2022-08-10
CVE-2022-25793 [HIGH] CWE-1284
A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected
nvd
CVE-2022-27871 | HIGH | CVSS 7.8 | v2021, v2022 | 2022-06-21
CVE-2022-27871 [HIGH] CWE-770
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
nvd
CVE-2022-27532 | HIGH | CVSS 7.8 | ≥ 2021, < 2021.3.8; ≥ 2022, < 2022.3.3 | 2022-06-16
CVE-2022-27532 [HIGH] CWE-787
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.
nvd
CVE-2022-27531 | HIGH | CVSS 7.8 | ≥ 2021, < 2021.3.8; ≥ 2022, < 2022.3.3 | 2022-06-16
CVE-2022-27531 [HIGH] CWE-125
A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
nvd
CVE-2009-3577 | CRITICAL | CVSS 9.3 | PoC | v6, v7, +5 more | 2009-11-24
CVE-2009-3577 [CRITICAL] CWE-94
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."
nvd
CVE-2005-4710 | MEDIUM | CVSS 4.6 | v7 | 2005-12-31
CVE-2005-4710 [MEDIUM]
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
nvd