CVE-2021-40166

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
autodeskCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
autodeskautocad
2019 ≤
𝑥
< 2019.1.4
autodeskautocad
2020 ≤
𝑥
< 2020.1.5
autodeskautocad
2021 ≤
𝑥
< 2021.1.2
autodeskautocad
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_advance_steel
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_advance_steel
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_advance_steel
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_advance_steel
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_architecture
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_architecture
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_architecture
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_architecture
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_civil_3d
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_civil_3d
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_civil_3d
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_civil_3d
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_electrical
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_electrical
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_electrical
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_electrical
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_lt
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_lt
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_lt
2020 ≤
𝑥
< 2020.3.2
autodeskautocad_lt
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_lt
2021 ≤
𝑥
< 2021.2.2
autodeskautocad_lt
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_lt
2022 ≤
𝑥
< 2022.2.2
autodeskautocad_map_3d
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_map_3d
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_map_3d
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_map_3d
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_mechanical
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_mechanical
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_mechanical
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_mechanical
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_mep
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_mep
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_mep
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_mep
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_plant_3d
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_plant_3d
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_plant_3d
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_plant_3d
2022 ≤
𝑥
< 2022.1.2
autodeskdwg_trueview
2019 ≤
𝑥
< 2019.1.4
autodeskdwg_trueview
2020 ≤
𝑥
< 2020.1.5
autodeskdwg_trueview
2021 ≤
𝑥
< 2021.1.2
autodeskdwg_trueview
2022 ≤
𝑥
< 2022.1.1
autodeskfusion
2.0.10356 ≤
𝑥
< 2.0.11405
autodeskinfrastructure_parts_editor
2019 ≤
𝑥
< 2019.2.2
autodeskinfrastructure_parts_editor
2020 ≤
𝑥
< 2020.0.2
autodeskinfraworks
2019 ≤
𝑥
< 2019.3
autodeskinfraworks
2020 ≤
𝑥
< 2020.2
autodeskinfraworks
2021 ≤
𝑥
< 2021.2
autodeskinfraworks
2019.3
autodeskinfraworks
2019.3:hotfix_1
autodeskinfraworks
2019.3:hotfix_2
autodeskinfraworks
2019.3:hotfix_3
autodeskinfraworks
2020.2
autodeskinfraworks
2020.2:hotfix_1
autodeskinfraworks
2020.2:hotfix_2
autodeskinfraworks
2021.2
autodeskinfraworks
2021.2:hotfix_1
autodeskinfraworks
2021.2:hotfix_2
autodeskinfraworks
2022.0
autodeskinfraworks
2022.0:hotfix_1
autodeskinfraworks
2022.1
autodeskinventor
2019 ≤
𝑥
< 2019.6
autodeskinventor
2020 ≤
𝑥
< 2020.5
autodeskinventor
2021 ≤
𝑥
< 2021.4
autodeskinventor
2022 ≤
𝑥
< 2022.2
autodesknavisworks
2019 ≤
𝑥
< 2019.7
autodesknavisworks
2020 ≤
𝑥
< 2020.5
autodesknavisworks
2021 ≤
𝑥
< 2021.4
autodesknavisworks
2022 ≤
𝑥
< 2022.2
autodeskrevit
2019 ≤
𝑥
< 2019.2.4
autodeskrevit
2020 ≤
𝑥
< 2020.2.6
autodeskrevit
2021 ≤
𝑥
< 2021.1.5
autodeskstorm_and_sanitary_analysis
2020 ≤
𝑥
< 2020.3.1
autodeskstorm_and_sanitary_analysis
2021 ≤
𝑥
< 2021.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011