This page contains important information regarding security vulnerabilities that could affect specific versions of Autodesk products or services.
AUTODESK TRUST CENTER
Autodesk publishes important information regarding security vulnerabilities that could affect specific versions of Autodesk products or services.
Applications and Services that utilize certain Autodesk products are affected by Out-of-bounds Read, Out-of-bounds Write, Untrusted Pointer Dereference, and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities may lead to arbitrary code execution.
Autodesk ID: ADSK-SA-2022-0007
2/28/2022, Monday
Applications and services utilizing the Autodesk FBX Review have been affected by an Out-Of-Bounds Read vulnerability. Exploitation of this vulnerability may lead to code execution and/or denial-of-service.
Autodesk ID: ADSK-SA-2022-0006
2/28/2022, Monday
Multiple Autodesk products have been affected by Use After Free, Out-of-bound-write, Stack-based Buffer, Memory Corruption, and Buffer Overflow vulnerabilities.
Autodesk ID: ADSK-SA-2022-0005
2/28/2022, Monday
Applications and services that utilize Autodesk Design Review, Advance Steel, Civil 3D® and AutoCAD products may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, and Type Confusion vulnerabilities. Exploitation of these vulnerabilities may lead to remote code execution.
Autodesk ID: ADSK-SA-2022-0004
2/28/2022, Monday
Applications and Services that utilize Log4net.dll versions earlier than 2.0.10 can be impacted by Improper Restriction of XML External Entity Reference ('XXE') vulnerabilities.
Autodesk ID: ADSK-SA-2022-0003
1/13/2022, Thursday
Applications and Services that utilize certain Autodesk products may be affected by Out-of-bounds Read, Out-of-bounds Write, and Information disclosure vulnerabilities. Exploitation of these vulnerabilities in conjunction with other vulnerabilities may lead to code execution in the context of the current process.
Autodesk ID: ADSK-SA-2022-0002
2/28/2022, Monday
Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities.
Autodesk ID: ADSK-SA-2022-0001
1/13/2022, Thursday
Autodesk is aware of the Apache Log4j security vulnerabilities. Refer to the products and services list in the security advisory for the remediation status.
Autodesk ID: ADSK-SA-2021-0012
23/12/2021, Thursday
Applications and Services that utilize the Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap-based Overflow, Out-of-bound Write, Memory Corruption, and Use-after-free vulnerabilities.
Autodesk ID: ADSK-SA-2021-0011
06/12/2021, Monday
Applications and Services that utilize versions of PDFTron prior to 9.0.7 may be impacted by out-of-bound read and memory corruption vulnerabilities.
Autodesk ID: ADSK-SA-2021-0010
06/12/2021, Monday
Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read and Out-of-bounds Write vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.
Autodesk ID: ADSK-SA-2021-0009
13/09/2021, Monday
Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.
Autodesk ID: ADSK-SA-2021-0008
13/09/2021, Monday
Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.
Autodesk ID: ADSK-SA-2021-0007
31/08/2021, Tuesday
A variant of a MAXScript exploit "MSCPROP.DLL" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.
Autodesk ID: ADSK-SA-2021-0006
15/07/2021, Thursday
Autodesk® InfraWorks has been affected by multiple vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service to the software and user devices.
Autodesk ID: ADSK-SA-2021-0005
18/06/2021, Friday
Applications and Services that utilize Autodesk AutoCAD products are affected by Out-of-bound Read, Out-of-bound Write, and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to arbitrary code execution.
Autodesk ID: ADSK-SA-2021-0004
17/06/2021, Thursday
Applications and Services that utilize Autodesk Design Review may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, Type Confusion, and Uninitialized Variable vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution.
Autodesk ID: ADSK-SA-2021-0003
14/06/2021, Monday
Autodesk® Desktop Licensing Installer has been affected by Privilege Escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.
Autodesk ID: ADSK-SA-2021-0002
14/06/2021, Monday
Applications and Services that utilize the Autodesk FBX Review have been affected by Use-After-Free, Memory Corruption, Out-Of-Bounds Read, Untrusted Pointer Dereference, and Directory Traversal vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.
Autodesk ID: ADSK-SA-2021-0001
15/04/2021, Thursday
Autodesk® InfraWorks has been affected by Use-After-Free and XML Entity Expansion vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.
Autodesk ID: ADSK-SA-2020-0006
30/10/2020, Friday
A variant of a MAXScript exploit "PhysXPluginMfx" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.
Autodesk ID: ADSK-SA-2020-0005
10/08/2020, Monday
Autodesk InfraWorks has been affected by heap overflow, code injection, out-of-bounds read, and stack-based buffer overflow vulnerabilities in the libcurl component.
Autodesk ID: ADSK-SA-2020-0004
25/06/2020, Thursday
A third-party malicious script was identified and a fix has been made available. The script can execute malicious code that can corrupt the Maya environment, cause data loss and instability, as well as spread to other systems.
Autodesk ID: ADSK-SA-2020-0003
20/05/2020, Wednesday
Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.
Autodesk ID: ADSK-SA-2020-0002
15/04/2020, Wednesday
Autodesk® Dynamo BIM is affected by an improper signature validation vulnerability which may lead to code execution through maliciously crafted DLL files.
Autodesk ID: ADSK-SA-2020-0001
01/04/2020, Wednesday
A variant of a MAXScript exploit was identified and a fix has been made available. The exploit can execute malicious code that can corrupt the 3ds Max environment, cause data loss and instability, as well as spread to other systems.
Autodesk ID: ADSK-SA-2019-0005
09/01/2020, Thursday
Autodesk Desktop Application is affected by a DLL preloading vulnerability.
Autodesk ID: ADSK-SA-2019-0004
29/11/2019, Friday
Multiple Autodesk products have been affected by DLL preloading and use-after-free vulnerabilities.
Autodesk ID: ADSK-SA-2019-0002
16/08/2019, Friday
FBX is affected by a buffer overflow vulnerability which may lead to arbitrary code execution on a system running it.
Autodesk ID: ADSK-SA-2019-0003
31/10/2019, Wednesday
Multiple Autodesk® AutoCAD® products have been affected by heap overflow, use-after-free, and deserialization vulnerabilities.
Autodesk ID: ADSK-SA-2019-0001
14/02/2019, Thursday
The Autodesk® Backburner 2016 service command line interface accepts a set of remote telnet commands. When an insufficient number of arguments is passed, it fails to handle a specific command request, which results in an unhandled Null Dereference state/crash leading to a Denial of Service condition.
Autodesk ID: ADSK-SA-2017-001
17/02/2017, Friday
Vulnerabilities were identified in the Autodesk® Design Review 2013 application that can result in arbitrary and unauthorized remote code execution.
Autodesk ID: ADSK-SA-2016-02
14/12/2016, Wednesday
Applications and Services that utilize the Autodesk® FBX-SDK Ver. 2017.0 or earlier for processing FBX, DXF, DAE and 3DS formatted files can be impacted by vulnerabilities related to improper memory allocation when opening malformed files.
Autodesk ID: ADSK-SA-2016-01
05/12/2016, Monday
Help us protect our applications by reporting a security incident, bug, or vulnerability found within an Autodesk product or service.