AUTODESK TRUST CENTER

Timely and transparent notice

Autodesk publishes important information regarding security vulnerabilities that could affect specific versions of Autodesk products or services.

Latest security bulletins and advisories

This page contains important information regarding security vulnerabilities that could affect specific versions of Autodesk products or services.

  • Important security update

    Autodesk recently determined that an unauthorized third-party obtained access to portions of internal systems. Our findings show that sensitive data about our customers and their projects or products have not been compromised. We immediately took steps to contain the incident. Forensic analysis conducted by an independent, third party indicates that no customer operations or Autodesk products were disrupted due to this incident. The analysis also found no evidence of suspicious activity in the customer production environment. The protection of customer data and confidential company information is Autodesk’s top priority.

    07/20/2023, Thursday.

  • XZ Utils Backdoor Vulnerability CVE-2024-3094

    Autodesk is aware of the XZ security vulnerabilities. Refer to our security advisory for a comprehensive list of potentially impacted Autodesk products and services, along with our current recommendations.

    Autodesk ID: ADSK-SA-2024-0007
    4/12/2024, Friday.

  • Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software

    Autodesk DWG TrueView product has been affected by Stack-based Overflow vulnerability.

    Autodesk ID: ADSK-SA-2024-0006
    3/14/2024, Thursday.

  • ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software

    Applications and services utilizing the Autodesk FBX Review software have been affected by an Out-Of-Bounds Write vulnerability. Exploitation of these vulnerabilities may lead to code execution.

    Autodesk ID: ADSK-SA-2024-0005
    3/14/2024, Thursday.

  • Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

    Autodesk AutoCAD and certain AutoCAD-based products may be affected by Out-of-Bounds write, Stack-based Overflow, Heap based Overflow, Use-After-Free, Memory Corruption, Untrusted Pointer Dereference, Heap-based Buffer Overflow, and Uninitialized Variable vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

    Autodesk ID: ADSK-SA-2024-0004
    2/29/2024, Thursday.

  • TinyXML Vulnerability in Autodesk Desktop Licensing Service

    Autodesk Desktop Licensing Service has been affected by a reachable assertion vulnerability detailed below. Exploitation of this vulnerability could lead to denial of service due to multiple assertions.

    Autodesk ID: ADSK-SA-2024-0003
    02/22/2024, Thursday

  • ZDI reported security vulnerabilities in the Autodesk AutoCAD Desktop Software

    ZDI published zero-day vulnerabilities on February 12th for versions of Autodesk AutoCAD products. Fixes for these vulnerabilities will be issued for affected versions of AutoCAD in an upcoming release. Please note, this advisory applies to Windows versions of the affected products. Other platforms are not impacted. Exploitation of these vulnerabilities requires an interactive choice by the end user. 

    Autodesk ID: ADSK-SA-2024-0002
    02/14/2024, Wednesday.

  • Multiple Vulnerabilities in Autodesk® InfraWorks® software

    Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in Autodesk Access or the Accounts Portal to help resolve these vulnerabilities.

    Autodesk ID: ADSK-SA-2024-0001
    1/31/2024, Wednesday

  • Vulnerabilities in Autodesk Infrastructure Parts Editor Software

    Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2023-0023
    12/05/2023, Tuesday

  • Multiple Vulnerabilities in Autodesk® InfoWorks® software

    Autodesk InfoWorks WS Pro and InfoWorks ICM have been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial of service to the software and user devices. Patch releases are available in Autodesk Access in the Accounts Portal or the Innovyze Web Portal to help resolve these vulnerabilities. The patch versions are listed below.

    Autodesk ID: ADSK-SA-2023-0024
    12/22/2023, Friday

  • Vulnerabilities in Autodesk Infrastructure Parts Editor Software

    Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2023-0023
    12/05/2023, Tuesday

  • Multiple Vulnerabilities in Autodesk Desktop Licensing Service

    Autodesk Desktop Licensing Service has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.

    Autodesk ID: ADSK-SA-2023-0022
    11/27/2023, Monday

  • Revocation of Autodesk code signing certificate in the Autodesk AutoCAD Desktop Software

    Autodesk has revoked the certificate on August 5th for all software code signed after July 10, 2022 (00:00 GMT). Autodesk has issued updates signed using a new digital certificate for AutoCAD-based products. Please note, only the 2024 versions of software are affected by this new digital certificate.

    Autodesk ID: ADSK-SA-2023-0021
    11/15/2023, Thursday

  • Access Control Vulnerability in the Autodesk Customer Portal

    This advisory is about access to support case data via the Autodesk Customer Portal for all Autodesk products.

    Autodesk ID: ADSK-SA-2023-0020
    10/19/2023, Thursday

  • LibXml2 Vulnerability in the Autodesk Civil 3D Software

    Applications and services utilizing Autodesk Civil 3D have been affected by a LibXml2 vulnerability.

    Autodesk ID: ADSK-SA-2023-0019
    08/29/2023, Tuesday

  • Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

    Autodesk AutoCAD and certain AutoCAD-based products have been affected by Out-of-Bounds Write, Heap-based Buffer Overflow, Untrusted Pointer Dereference, and Memory Corruption vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0018
    24/08/2023, Thursday.

  • Vulnerabilities in the PSKernel component used by specific Autodesk products

    Autodesk® applications and services that utilize the PSKernel Component may be affected by Out-of-Bounds Read, Integer Overflow and Memory Corruption Write vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

    Autodesk ID: ADSK-SA-2023-0017
    07/27/2023, Thursday.

  • Memory Corruption Vulnerability in the Autodesk FeatureCAM Software

    Autodesk FeatureCAM software has been affected by Memory Corruption vulnerabilities. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service. Autodesk

    Autodesk ID: ADSK-SA-2023-0016
    06/23/2023, Friday.

  • Vulnerabilities in the PSKernel component used by specific Autodesk products

    Autodesk® applications and services that utilize the PSKernel Component may be affected by Out-of-Bounds Read, Integer Overflow and Memory Corruption Write vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

    Autodesk ID: ADSK-SA-2023-0017
    07/27/2023, Thursday.

  • Memory Corruption Vulnerability in the Autodesk FeatureCAM Software

    Autodesk FeatureCAM software has been affected by Memory Corruption vulnerabilities. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service. Autodesk

    Autodesk ID: ADSK-SA-2023-0016
    06/23/2023, Friday.

  • Multiple Vulnerabilities in Autodesk Material Management component used by Autodesk products

    Autodesk products leveraging internal components, Autodesk Material Management, and those implicitly importing vulnerable versions expat and libcurl may be impacted by Out-of-bound Write, User-After-Free, Information Disclosure, Improper Input Validation, Business Logic Errors, location of Resources Without Limits or Throttling, Denial of Service, SSRF, Insufficiently Protected Credentials, and Improper Authentication - Generic vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0015
    06/16/2023, Friday.

  • Multiple Vulnerabilities in Autodesk Material Management component used by Autodesk products

    Autodesk products leveraging internal components, Autodesk Material Management, and those implicitly importing vulnerable versions expat and libcurl may be impacted by Out-of-bound Write, User-After-Free, Information Disclosure, Improper Input Validation, Business Logic Errors, location of Resources Without Limits or Throttling, Denial of Service, SSRF, Insufficiently Protected Credentials, and Improper Authentication - Generic vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0015
    06/16/2023, Friday.

  • Multiple Vulnerabilities in Autodesk Material Management component used by Autodesk products

    Autodesk products leveraging internal components, Autodesk Material Management, and those implicitly importing vulnerable versions expat and libcurl may be impacted by Out-of-bound Write, User-After-Free, Information Disclosure, Improper Input Validation, Business Logic Errors, location of Resources Without Limits or Throttling, Denial of Service, SSRF, Insufficiently Protected Credentials, and Improper Authentication - Generic vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0015
    06/16/2023, Friday.

  • SQLite Vulnerability in the Autodesk Civil3D Software

    Applications and services utilizing Autodesk Civil3D have been affected by an SQLite vulnerability.

    Autodesk ID: ADSK-SA-2023-0014
    06/20/2023, Tuesday .

  • Privilege Escalation Vulnerability in the Autodesk® Desktop Connector Software

    Applications and services utilizing the Autodesk Desktop Connector have been affected by a Privilege Escalation vulnerability.

    Autodesk ID: ADSK-SA-2023-0013
    06/19/2023, Monday .

  • Multiple Vulnerabilities in Autodesk® InfraWorks software

    Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities

    Autodesk ID: ADSK-SA-2023-0012
    06/14/2023, Wednesday.

  • Heap-based buffer over-read in Autodesk® Desktop Licensing Service

    Autodesk® Desktop Licensing Installer has been affected by privilege escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.

    Autodesk ID: ADSK-SA-2023-0011
    6/20/2023, Tuesday.

  • Privilege Escalation Vulnerability in the Autodesk® Installer Software

    Applications and services utilizing the Autodesk installer have been affected by a Privilege Escalation vulnerability.

    Autodesk ID: ADSK-SA-2023-0010
    04/25/2023, Wednesday

  • Multiple Vulnerabilities in PSKernel component used by specific Autodesk® products

    Multiple Autodesk products have been affected by out-of-bound-read, out-of-bound-write, Integer Overflow, and Memory Corruption vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0009
    04/24/2023, Monday

  • Vulnerabilities in the Autodesk® 3ds Max® USD plugin

    USD (Universal Scene Description) plugin for Autodesk® 3ds Max® has been affected by file-parsing uninitialized variable, use-after-free, out-of-bounds read, and out-of-bounds write vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0008
    04/27/2023, Thursday

  • Multiple Vulnerabilities in Autodesk® InfraWorks® Software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0007
    04/17/2023, Monday

  • Use-After-Free Vulnerability in Autodesk® InfraWorks® Software

    Applications and services utilizing Autodesk InfraWorks have been affected by a use-after-free vulnerability. The exploitation of these vulnerabilities may lead to code execution. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0006
    04/17/2023, Monday

  • Multiple Vulnerabilities in the Autodesk® AutoCAD® Desktop Software

    Multiple Autodesk® AutoCAD® and AutoCAD-based products have been affected by Out-of-Bounds Read, Integer Overflow, Stack Buffer Overflow, Memory Corruption Read, and Memory Corruption Write vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0005
    04/06/2023, Thursday

  • Multiple Vulnerabilities in the Autodesk® FBX® SDK software

    Applications and services utilizing the Autodesk® FBX® SDK software have been affected by an Out-Of-Bounds Write and Stack Buffer Overflow vulnerabilities. Exploitation of these vulnerabilities may lead to information disclosure, code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2023-0004
    03/29/2023, Wednesday.

  • Vulnerabilities for Autodesk® Maya® USD plugin

    USD (Universal Scene Description) plugin for Autodesk® Maya® has been affected by a file uninitialized variable, out-of-bounds read, and out-of-bounds write vulnerabilities.

    Autodesk ID: ADSK-SA-2023-0003
    03/29/2023, Wednesday.

  • Use After Free Vulnerability in SKP component used by the Autodesk® products

    Applications and services that utilize Sketchup components used by Autodesk products may be impacted by Use-after-free vulnerability.

    Autodesk ID: ADSK-SA-2023-0002
    3/31/2023, Friday.

  • Multiple Vulnerabilities in Autodesk® InfoWorks® software

    Autodesk® InfoWorks® WS Pro and InfoWorks® ICM were affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Patch releases are available in the Autodesk Desktop App or the Accounts Portal or the Innovyze Web Portal to help resolve these vulnerabilities. The patch versions are listed below.

    Autodesk ID: ADSK-SA-2023-0001
    3/30/2023, Thursday.

  • Vulnerabilities in Autodesk Image Processing component used by Autodesk products II

    Applications and services that utilize Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap-based Overflow, Out-of-bound Write, Memory corruption, and Use-after-free vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0025
    12/14/2022, Wednesday

  • DLL Search Order Hijacking Vulnerability in the DWG TrueView™ Desktop Software

    DWG TrueView™ product has been affected by a Search Order Hijacking vulnerability.

    Autodesk ID: ADSK-SA-2022-0024
    11/15/2022, Tuesday

  • Vulnerabilities in Zlib component used by Autodesk ® products

    Autodesk products leveraging the third-party component Zlib, and those implicitly importing vulnerable versions of Zlib, may be impacted by Out-of-bound Write vulnerability.

    Autodesk ID: ADSK-SA-2022-0023
    09/23/2022, Friday

  • Multiple Vulnerabilities in the Autodesk® FBX® SDK software

    Applications and services utilizing the Autodesk® FBX® SDK software have been affected by an Out-Of-Bounds Read, Out-Of-Bounds Write, and Use-After-Free vulnerabilities. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2022-0022
    09/14/2022, Wednesday

  • Multiple Vulnerabilities in the Autodesk® Design Review, Autodesk® Advance Steel, Autodesk® Civil 3D® and AutoCAD® Desktop software

    Applications and Services that utilize Autodesk Design Review and AutoCAD products may be affected by Heap Based Overflow and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution.

    Autodesk ID: ADSK-SA-2022-0021
    9/22/2022, Thursday

  • Multiple Vulnerabilities in the Autodesk® AutoCAD® and Maya® Desktop Software

    Multiple Autodesk AutoCAD, AutoCAD-based products, and Maya have been affected by Out-of-bound Read, Out-of-bound Write, Use of Uninitialized Variable, Heap based Buffer Overflow, and Memory Corruption vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0020
    09/22/2022, Thursday

  • Vulnerabilities in Autodesk Material Management component used by Autodesk ® products

    Autodesk products leveraging internal components, Autodesk Material Management and thus implicitly importing vulnerable versions expat and libcurl may be impacted by Out-of-bound Read, User-After-Free, NULL Pointer Dereference, Integer Overflow or Wraparound, Exposure of Resource to Wrong Sphere, Improper Encoding or Escaping of Output, and Uncontrolled Resource Consumption vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0017
    07/28/2022, Friday

  • OpenSSL Vulnerability component used by Autodesk ® products

    Autodesk products and dependent application, services using OpenSSL component may be impacted by Loop with Unreachable Exit Condition ('Infinite Loop') vulnerabilities. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2022-0016
    07/28/2022, Friday

  • Vulnerabilities in the Autodesk® desktop app (ADA)

    Autodesk® desktop app (ADA) product have been affected by Improper Privilege Management vulnerability detailed below. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service to the software and user devices.

    Autodesk ID: ADSK-SA-2022-0015
    07/22/2022, Friday

  • PRT Vulnerabilities in the Autodesk® AutoCAD® Desktop Software

    Multiple Autodesk products have been affected by Out-of-bound Read vulnerability.

    Autodesk ID: ADSK-SA-2022-0014
    07/14/2022, Thursday

  • XML External Entities (XXE) Vulnerabilities in Autodesk® Fusion360® software

    Autodesk® Fusion 360® has been affected by XML External Entities (XXE) vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices.

    Autodesk ID: ADSK-SA-2022-0013
    06/14/2022, Tuesday

  • Multiple Vulnerabilities in Autodesk® InfraWorks® software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0012
    06/14/2022, Tuesday

  • Heap-based Buffer Overflow and Untrusted Pointer Dereference Vulnerabilities in the PDFTron component used by Autodesk products

    Applications and Services that utilize versions of PDFTron prior to 9.1.17 may be impacted by Heap-based Buffer Overflow, and Untrusted Pointer Dereference vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0011
    05/25/2022, Wednesday

  • Multiple TIF Vulnerabilities in the Autodesk® 3ds Max® Desktop software

    Applications and services that utilize Autodesk 3ds Max may be affected by Out-of-bound Read/Write vulnerabilities. Exploitation of these vulnerabilities may lead to remote code execution.

    Autodesk ID: ADSK-SA-2022-0010
    5/04/2022, Wednesday

  • Multiple Vulnerabilities in the Autodesk® Design Review software

    Applications and Services that utilize Autodesk Design Review may be affected by Double Free, and Out-of-bound Read/Write vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution.

    Autodesk ID: ADSK-SA-2022-0009
    4/28/2022, Thursday

  • Multiple Vulnerabilities in the Autodesk® Infraworks software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0008
    4/25/2022, Monday

  • PDF and DWG Vulnerabilities in the Autodesk® AutoCAD® Desktop software

    Applications and Services that utilize certain Autodesk products are affected by Out-of-bounds Read, Out-of-bounds Write, untrusted pointer Dereference, and memory corruption vulnerabilities. Exploitation of these vulnerabilities may lead to arbitrary code execution.

    Autodesk ID: ADSK-SA-2022-0007
    2/28/2022, Monday

  • ActionScript Byte Code “ABC” Vulnerabilities in the Autodesk® FBX® Review and Autodesk® 3ds Max® software

    Applications and services utilizing the Autodesk FBX Review have been affected by an Out-Of-Bounds Read vulnerability. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2022-0006
    2/28/2022, Monday

  • DWF Vulnerabilities in the Autodesk® AutoCAD® Desktop Software

    Multiple Autodesk products have been affected by Use After Free, Out-of-bound-write, Stack-based Buffer, Memory Corruption, and Buffer Overflow vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0005
    2/28/2022, Monday

  • Multiple Vulnerabilities in the Autodesk® Design Review, Autodesk® Advance Steel, Autodesk® Civil 3D® and AutoCAD® Desktop software

    Applications and services that utilize Autodesk Design Review, Advance Steel, Civil 3D® and AutoCAD products may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, and Type Confusion vulnerabilities. Exploitation of these vulnerabilities may lead to remote code execution.

    Autodesk ID: ADSK-SA-2022-0004
    2/28/2022, Monday

  • Log4net Vulnerabilities in the .NET based Autodesk Products

    Applications and Services that utilize the Log4net.dll earlier than 2.0.10 version can be impacted by Improper Restriction of XML External Entity Reference ('XXE') vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0003
    1/13/2022, Thursday

  • JT Vulnerabilities in Autodesk® Inventor® and Autodesk® Advance Steel, Autodesk® Civil 3D® and AutoCAD® Desktop software

    Applications and Services that utilize certain Autodesk products may be affected by Out-of-bounds Read, Out-of-bounds Write, and Information disclosure vulnerabilities. Exploitation of these vulnerabilities in conjunction with other vulnerabilities may lead to code execution in the context of the current process.

    Autodesk ID: ADSK-SA-2022-0002
    2/28/2022, Monday

  • Multiple Vulnerabilities in Autodesk® InfraWorks® software

    Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities.

    Autodesk ID: ADSK-SA-2022-0001
    1/13/2022, Thursday

  • Apache Log4j Vulnerabilities: Impact on Autodesk Products

    Autodesk is aware of the Apache Log4j security vulnerabilities. Refer to the products and services list in the security advisory for the remediation status.

    Autodesk ID: ADSK-SA-2021-0012
    23/12/2021, Thursday

  • Vulnerabilities in Autodesk Image Processing component used by Autodesk products

    Applications and Services that utilize Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap based Overflow, Out-of-bound Write, Memory corruption, and Use-after-free vulnerabilities.

    Autodesk ID: ADSK-SA-2021-0011
    06/12/2021, Monday

  • Vulnerabilities in the PDFTron component used by Autodesk products

    Applications and Services that utilize versions of PDFTron prior to 9.0.7 may be impacted by out-of-bound read and memory corruption vulnerabilities.

    Autodesk ID: ADSK-SA-2021-0010
    06/12/2021, Monday

  • DWG Vulnerabilities in the Autodesk® Navisworks Desktop software

    Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read and Out-of-bounds Write vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.

    Autodesk ID: ADSK-SA-2021-0009
    13/09/2021, Monday

  • PDF Vulnerabilities in the Autodesk® Navisworks Desktop software

    Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read, Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.

    Autodesk ID: ADSK-SA-2021-0008
    13/09/2021, Monday

  • Vulnerabilities in Autodesk® Infrastructure Parts Editor software

    Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2021-0007
    31/08/2021, Tuesday

  • MAXScript exploit "MSCPROP.DLL" in Autodesk® 3ds Max® software

    A variant of a MAXScript exploit "MSCPROP.DLL" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.

    Autodesk ID: ADSK-SA-2021-0006
    15/07/2021, Thursday

  • Vulnerabilities in Autodesk® InfraWorks software

    Autodesk® InfraWorks has been affected by multiple vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service to the software and user devices.

    Autodesk ID: ADSK-SA-2021-0005
    18/06/2021, Friday

  • Vulnerabilities in the Autodesk® AutoCAD® family of products

    Applications and Services that utilize Autodesk AutoCAD products are affected by Out-of-bound Read, Out-of-bound Write, and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to arbitrary code execution.

    Autodesk ID: ADSK-SA-2021-0004
    17/06/2021, Thursday

  • Vulnerabilities in the Autodesk® Design Review software

    Applications and Services that utilize Autodesk Design Review may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, Type Confusion, and Uninitialized Variable vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution.

    Autodesk ID: ADSK-SA-2021-0003
    14/06/2021, Monday

  • Privilege Escalation Vulnerabilities in Autodesk® Licensing Service

    Autodesk® Desktop Licensing Installer has been affected by Privilege Escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.

    Autodesk ID: ADSK-SA-2021-0002
    14/06/2021, Monday

  • Vulnerabilities in the Autodesk® FBX Review software

    Applications and Services that utilize the Autodesk FBX Review have been affected by Use-After-Free, Memory Corruption, Out-Of-Bounds Read, Untrusted Pointer Dereference, and Directory Traversal vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2021-0001
    15/04/2021, Thursday

  • Use-After-Free and XML Entity Expansion Vulnerabilities in Autodesk® InfraWorks

    Autodesk® InfraWorks has been affected by Use-After-Free and XML Entity Expansion vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2020-0006
    30/10/2020, Friday

  • MAXScript exploit "PhysXPluginMfx" in Autodesk® 3ds Max® software

    A variant of a MAXScript exploit "PhysXPluginMfx" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.

    Autodesk ID: ADSK-SA-2020-0005
    10/08/2020, Monday

  • Vulnerabilities in Autodesk® InfraWorks

    Autodesk InfraWorks has been affected by heap overflow, code injection, out-of-bounds read, and stack-based buffer overflow vulnerabilities in the libcurl component.

    Autodesk ID: ADSK-SA-2020-0004
    25/06/2020, Thursday

  • Script exploit in Autodesk® Maya

    A third-party malicious script was identified and a fix has been made available. The script can execute malicious code that can corrupt the Maya environment, cause data loss and instability, as well as spread to other systems.

    Autodesk ID: ADSK-SA-2020-0003
    20/05/2020, Wednesday

  • Vulnerabilities in the Autodesk® FBX Software Development Kit

    Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.

    Autodesk ID: ADSK-SA-2020-0002
    15/04/2020, Wednesday

  • Improper Signature Validation Vulnerability in Autodesk® Dynamo BIM

    Autodesk® Dynamo BIM is affected by an improper signature validation vulnerability which may lead to code execution through maliciously crafted DLL files.

    Autodesk ID: ADSK-SA-2020-0001
    01/04/2020, Wednesday

  • Vulnerability in the Autodesk® Desktop Application

    Autodesk Desktop Application is affected by a DLL preloading vulnerability.

    Autodesk ID: ADSK-SA-2019-0004
    29/11/2019, Friday

  • Vulnerabilities in Autodesk AutoCAD and Design Review Products

    Multiple Autodesk products have been affected by DLL preloading and use-after-free vulnerabilities.

    Autodesk ID: ADSK-SA-2019-0002
    16/08/2019, Friday

  • Vulnerability in the Autodesk FBX Software Development Kit

    FBX is affected by a buffer overflow vulnerability which may lead to arbitrary code execution on a system running it.

    Autodesk ID: ADSK-SA-2019-0003
    31/10/2019, Wednesday

  • Vulnerabilities in the Autodesk AutoCAD products

    Multiple Autodesk® AutoCAD® products have been affected by heap overflow, use-after-free, and deserialization vulnerabilities.

    Autodesk ID: ADSK-SA-2019-0001
    14/02/2019, Thursday

  • Denial of Service Vulnerabilities in the Autodesk Backburner Rendering Management Software

    The Autodesk® Backburner 2016 service command line interface accepts a set of remote telnet commands. When insufficient number of arguments are passed, it fails to handle a specific command request which results in an unhandled Null Dereference state/crash leading to Denial of Service condition.

    Autodesk ID: ADSK-SA-2017-001
    17/02/2017, Friday

  • Vulnerabilities in Autodesk Design Review 2013

    Vulnerabilities were identified in the Autodesk® Design Review 2013 application that can result in arbitrary and unauthorized remote code execution.

    Autodesk ID: ADSK-SA-2016-02
    14/12/2016, Wednesday

  • Vulnerabilities in the Autodesk FBX Software Development Kit

    Applications and Services that utilize the Autodesk® FBX-SDK Ver. 2017.0 or earlier for processing FBX, DXF, DAE and 3DS formatted files can be impacted by vulnerabilities related to improper memory allocation when opening malformed files.

    Autodesk ID: ADSK-SA-2016-01
    05/12/2016, Monday

  • MAXScript exploit "MSCPROP.DLL" in Autodesk® 3ds Max® software

    A variant of a MAXScript exploit "MSCPROP.DLL" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.

    Autodesk ID: ADSK-SA-2021-0006
    15/07/2021, Thursday

Security Advisories for 2016-2019

  • Vulnerabilities in the Autodesk FBX Software Development Kit

    Applications and Services that utilize the Autodesk® FBX-SDK Ver. 2017.0 or earlier for processing FBX, DXF, DAE and 3DS formatted files can be impacted by vulnerabilities related to improper memory allocation when opening malformed files.

    Autodesk ID: ADSK-SA-2016-01
    05/12/2016, Monday

  • Vulnerabilities in Autodesk Design Review 2013

    Vulnerabilities were identified in the Autodesk® Design Review 2013 application that can result in arbitrary and unauthorized remote code execution.

    Autodesk ID: ADSK-SA-2016-02
    14/12/2016, Wednesday

  • Denial of Service Vulnerabilities in the Autodesk Backburner Rendering Management Software

    The Autodesk® Backburner 2016 service command line interface accepts a set of remote telnet commands. When insufficient number of arguments are passed, it fails to handle a specific command request which results in an unhandled Null Dereference state/crash leading to Denial of Service condition.

    Autodesk ID: ADSK-SA-2017-001
    17/02/2017, Friday

  • Vulnerabilities in the Autodesk AutoCAD products

    Multiple Autodesk® AutoCAD® products have been affected by heap overflow, use-after-free, and deserialization vulnerabilities.

    Autodesk ID: ADSK-SA-2019-0001
    14/02/2019, Thursday

  • Vulnerabilities in Autodesk AutoCAD and Design Review Products

    Multiple Autodesk products have been affected by DLL preloading and use-after-free vulnerabilities.

    Autodesk ID: ADSK-SA-2019-0002
    16/08/2019, Friday

  • Vulnerability in the Autodesk FBX Software Development Kit

    FBX is affected by a buffer overflow vulnerability which may lead to arbitrary code execution on a system running it.

    Autodesk ID: ADSK-SA-2019-0003
    31/10/2019, Wednesday

  • Vulnerability in the Autodesk® Desktop Application

    Autodesk Desktop Application is affected by a DLL preloading vulnerability.

    Autodesk ID: ADSK-SA-2019-0004
    29/11/2019, Friday

  • MAXScript exploit in Autodesk® 3ds Max

    A variant of a MAXScript exploit was identified and a fix has been made available. The exploit can execute malicious code that can corrupt the 3ds Max environment, cause data loss and instability, as well as spread to other systems.

    Autodesk ID: ADSK-SA-2019-0005
    09/01/2020, Thursday

Help us stay secure

REPORT A SECURITY INCIDENT

Help us protect our applications by reporting a security incident, bug, or vulnerability found within an Autodesk product or service.

USE GENUINE AUTODESK LICENSES

Avoid software failure, increased exposure to malware, and associated risks by using genuine Autodesk software. Visit Autodesk Genuine to learn more.