CVE-2021-40164 : A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC f

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Published 2022-10-07 18:15:15

Updated 2022-10-11 17:09:19

Source Autodesk

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute code

Products affected by CVE-2021-40164

Autodesk » Autocad
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Civil 3d
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Civil 3d
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Civil 3d
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Civil 3d
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt » For Macos
Versions from including (>=) 2021 and before (<) 2021.2.2
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*
Matching versions
Autodesk » Autocad Lt » For Macos
Versions from including (>=) 2020 and before (<) 2020.3.2
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt » For Macos
Versions from including (>=) 2022 and before (<) 2022.2.2
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Inventor
Versions from including (>=) 2020 and before (<) 2020.5
cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Inventor
Versions from including (>=) 2021 and before (<) 2021.4
cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Inventor
Versions from including (>=) 2019 and before (<) 2019.6
cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Inventor
Versions from including (>=) 2022 and before (<) 2022.2
cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Revit
Versions from including (>=) 2020 and before (<) 2020.2.6
cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Revit
Versions from including (>=) 2021 and before (<) 2021.1.5
cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Revit
Versions from including (>=) 2019 and before (<) 2019.2.4
cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Revit » Version: 2022
cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*
Matching versions
Autodesk » Design Review » Version: 2018
cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*
Matching versions
Autodesk » Design Review » Version: 2018 Update Hotfix
cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*
Matching versions
Autodesk » Design Review » Version: 2018 Update Hotfix2
cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*
Matching versions
Autodesk » Design Review » Version: 2018 Update Hotfix3
cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Dwg Trueview
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Dwg Trueview
Versions from including (>=) 2022 and before (<) 2022.1.1
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Dwg Trueview
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Dwg Trueview
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Navisworks
Versions from including (>=) 2021 and before (<) 2021.4
cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Navisworks
Versions from including (>=) 2020 and before (<) 2020.5
cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Navisworks
Versions from including (>=) 2022 and before (<) 2022.2
cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Navisworks
Versions from including (>=) 2019 and before (<) 2019.7
cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Advance Steel
Versions from including (>=) 2020 and before (<) 2020.1.5
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Advance Steel
Versions from including (>=) 2019 and before (<) 2019.1.4
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Advance Steel
Versions from including (>=) 2021 and before (<) 2021.1.2
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Advance Steel
Versions from including (>=) 2022 and before (<) 2022.1.2
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks
Versions from including (>=) 2020 and before (<) 2020.2
cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks
Versions from including (>=) 2021 and before (<) 2021.2
cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks
Versions from including (>=) 2019 and before (<) 2019.3
cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2019.3 Update Hotfix 1
cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2019.3 Update Hotfix 2
cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2019.3 Update Hotfix 3
cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2019.3
cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2020.2 Update Hotfix 1
cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2020.2 Update Hotfix 2
cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2020.2
cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2021.2 Update Hotfix 1
cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2021.2 Update Hotfix 2
cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2021.2
cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2022.0 Update Hotfix 1
cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2022.1
cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:*
Matching versions
Autodesk » Infraworks » Version: 2022.0
cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:*
Matching versions
Autodesk » Storm And Sanitary Analysis
Versions from including (>=) 2020 and before (<) 2020.3.1
cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Storm And Sanitary Analysis
Versions from including (>=) 2021 and before (<) 2021.3.1
cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Storm And Sanitary Analysis » Version: 2019
cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:*
Matching versions
Autodesk » Storm And Sanitary Analysis » Version: 2022
cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:*
Matching versions
Autodesk » Infrastructure Parts Editor
Versions from including (>=) 2020 and before (<) 2020.0.2
cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Infrastructure Parts Editor
Versions from including (>=) 2019 and before (<) 2019.2.2
cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Infrastructure Parts Editor » Version: 2022
cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:*
Matching versions
Autodesk » Infrastructure Parts Editor » Version: 2021
cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:*
Matching versions
Autodesk » Fusion
Versions from including (>=) 2.0.10356 and before (<) 2.0.11405
cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-40164

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-40164

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-40164

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-40164

https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011

Security Advisories | Autodesk Trust Center
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-40164

Products affected by CVE-2021-40164

Exploit prediction scoring system (EPSS) score for CVE-2021-40164

CVSS scores for CVE-2021-40164

CWE ids for CVE-2021-40164

References for CVE-2021-40164