CVE-2021-40156
First published: Wed Sep 15 2021(Updated: )
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Navisworks | =2019 | |
| Autodesk Navisworks | =2020 | |
| Autodesk Navisworks | =2021 | |
| Autodesk Navisworks | =2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-40156?
The severity of CVE-2021-40156 is high with a CVSS score of 7.8.
How does CVE-2021-40156 affect Autodesk Navisworks?
CVE-2021-40156 affects Autodesk Navisworks versions 2019, 2020, 2021, and 2022.
Can CVE-2021-40156 be exploited to execute arbitrary code?
Yes, CVE-2021-40156 can be exploited to execute arbitrary code.
How can I fix CVE-2021-40156?
To fix CVE-2021-40156, users should update to the latest version of Autodesk Navisworks.
Where can I find more information about CVE-2021-40156?
More information about CVE-2021-40156 can be found on the Autodesk Security Advisories page.
- collector/nvd-index
- agent/severity
- agent/references
- agent/tags
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/autodesk
- canonical/autodesk navisworks
- version/autodesk navisworks/2019
- version/autodesk navisworks/2020
- version/autodesk navisworks/2021
- version/autodesk navisworks/2022