CVE-2021-40166
Summary
| CVE | CVE-2021-40166 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-07 18:15:00 UTC |
| Updated | 2022-10-11 17:11:00 UTC |
| Description | A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code. |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Autodesk | Autocad | All | All | All | All |
| Application | Autodesk | Autocad Advance Steel | All | All | All | All |
| Application | Autodesk | Autocad Architecture | All | All | All | All |
| Application | Autodesk | Autocad Civil 3d | All | All | All | All |
| Application | Autodesk | Autocad Electrical | All | All | All | All |
| Application | Autodesk | Autocad Lt | All | All | All | All |
| Application | Autodesk | Autocad Lt | All | All | All | All |
| Application | Autodesk | Autocad Map 3d | All | All | All | All |
| Application | Autodesk | Autocad Mechanical | All | All | All | All |
| Application | Autodesk | Autocad Mep | All | All | All | All |
| Application | Autodesk | Autocad Plant 3d | All | All | All | All |
| Application | Autodesk | Design Review | 2018 | - | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix2 | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix3 | All | All |
| Application | Autodesk | Dwg Trueview | All | All | All | All |
| Application | Autodesk | Fusion | All | All | All | All |
| Application | Autodesk | Infrastructure Parts Editor | All | All | All | All |
| Application | Autodesk | Infrastructure Parts Editor | 2021 | All | All | All |
| Application | Autodesk | Infrastructure Parts Editor | 2022 | All | All | All |
| Application | Autodesk | Infraworks | All | All | All | All |
| Application | Autodesk | Infraworks | 2019.3 | - | All | All |
| Application | Autodesk | Infraworks | 2019.3 | hotfix_1 | All | All |
| Application | Autodesk | Infraworks | 2019.3 | hotfix_2 | All | All |
| Application | Autodesk | Infraworks | 2019.3 | hotfix_3 | All | All |
| Application | Autodesk | Infraworks | 2020.2 | - | All | All |
| Application | Autodesk | Infraworks | 2020.2 | hotfix_1 | All | All |
| Application | Autodesk | Infraworks | 2020.2 | hotfix_2 | All | All |
| Application | Autodesk | Infraworks | 2021.2 | - | All | All |
| Application | Autodesk | Infraworks | 2021.2 | hotfix_1 | All | All |
| Application | Autodesk | Infraworks | 2021.2 | hotfix_2 | All | All |
| Application | Autodesk | Infraworks | 2022.0 | - | All | All |
| Application | Autodesk | Infraworks | 2022.0 | hotfix_1 | All | All |
| Application | Autodesk | Infraworks | 2022.1 | All | All | All |
| Application | Autodesk | Inventor | All | All | All | All |
| Application | Autodesk | Navisworks | All | All | All | All |
| Application | Autodesk | Revit | All | All | All | All |
| Application | Autodesk | Revit | 2022 | All | All | All |
| Application | Autodesk | Storm And Sanitary Analysis | All | All | All | All |
| Application | Autodesk | Storm And Sanitary Analysis | 2019 | All | All | All |
| Application | Autodesk | Storm And Sanitary Analysis | 2022 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisories | Autodesk Trust Center | MISC | www.autodesk.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.