CVE-2021-40160
First published: Thu Dec 23 2021(Updated: )
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Revit Architecture | >=2020<2020.2.5 | |
| Autodesk Revit Architecture | >=2021<2021.1.4 | |
| Autodesk Revit Architecture | >=2022<2022.1 | |
| Autodesk Navisworks | >=2019<2019.6 | |
| Autodesk Navisworks | >=2020<2020.4 | |
| Autodesk Navisworks | >=2021<2021.3 | |
| Autodesk Navisworks | >=2022<2022.1 | |
| Autodesk AutoCAD Advance Steel | >=2022<2022.1.1 | |
| AutoCAD | >=2022<2022.1.1 | |
| Autodesk AutoCAD LT for macOS | >=2022<2022.2 | |
| AutoCAD | >=2022<2022.1.1 | |
| AutoCAD | >=2022<2022.1.1 | |
| AutoCAD LT | >=2022<2022.1.1 | |
| Autodesk AutoCAD LT for macOS | >=2022<2022.2 | |
| AutoCAD | >=2022<2022.1.1 | |
| AutoCAD | >=2022<2022.1.1 | |
| AutoCAD | >=2022<2022.1.1 | |
| AutoCAD | >=2022<2022.1.1 | |
| Autodesk AutoCAD Civil 3D | >=2022<2022.1.1 | |
| Autodesk Design Review 2011 | =2018 | |
| Autodesk Design Review 2011 | =2018-hotfix | |
| Autodesk Design Review 2011 | =2018-hotfix2 | |
| Autodesk Design Review 2011 | =2018-hotfix3 | |
| Autodesk Design Review 2011 | =2018-hotfix4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-40160?
CVE-2021-40160 is a vulnerability in PDFTron prior to version 9.0.7 that allows for the execution of arbitrary code by forcing the application to read beyond allocated boundaries when parsing a malicious PDF file.
Which software versions are affected by CVE-2021-40160?
CVE-2021-40160 affects Autodesk Revit versions 2020 and 2021, Autodesk Navisworks versions 2019, 2020, and 2021, Autodesk Advance Steel version 2022, and Autodesk AutoCAD versions 2022 and 2022.2, among others.
How severe is CVE-2021-40160?
CVE-2021-40160 has a severity score of 7.8 (high severity).
How can I fix CVE-2021-40160?
To fix CVE-2021-40160, you should update PDFTron to version 9.0.7 or later. Make sure to download the latest version from the official PDFTron website.
Where can I find more information about CVE-2021-40160?
You can find more information about CVE-2021-40160 in the Autodesk security advisory AD-SK-SA-2021-0010, available at the following link: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/autodesk
- canonical/autodesk revit architecture
- version/autodesk revit architecture/2020
- version/autodesk revit architecture/2021
- version/autodesk revit architecture/2022
- canonical/autodesk navisworks
- version/autodesk navisworks/2019
- version/autodesk navisworks/2020
- version/autodesk navisworks/2021
- version/autodesk navisworks/2022
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2022
- canonical/autocad
- version/autocad/2022
- canonical/autodesk autocad lt for macos
- version/autodesk autocad lt for macos/2022
- canonical/autocad lt
- version/autocad lt/2022
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2022
- canonical/autodesk design review 2011
- version/autodesk design review 2011/2018
- version/autodesk design review 2011/2018-hotfix
- version/autodesk design review 2011/2018-hotfix2
- version/autodesk design review 2011/2018-hotfix3
- version/autodesk design review 2011/2018-hotfix4