CVE-2021-40165: Buffer Overflow
First published: Fri Oct 07 2022(Updated: )
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| Autodesk AutoCAD Advance Steel | >=2019<2019.1.4 | |
| Autodesk AutoCAD Advance Steel | >=2020<2020.1.5 | |
| Autodesk AutoCAD Advance Steel | >=2021<2021.1.2 | |
| Autodesk AutoCAD Advance Steel | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| Autodesk Civil 3D | >=2019<2019.1.4 | |
| Autodesk Civil 3D | >=2020<2020.1.5 | |
| Autodesk Civil 3D | >=2021<2021.1.2 | |
| Autodesk Civil 3D | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD LT | >=2019<2019.1.4 | |
| AutoCAD LT | >=2020<2020.1.5 | |
| Autodesk AutoCAD LT for macOS | >=2020<2020.3.2 | |
| AutoCAD LT | >=2021<2021.1.2 | |
| Autodesk AutoCAD LT for macOS | >=2021<2021.2.2 | |
| AutoCAD LT | >=2022<2022.1.2 | |
| Autodesk AutoCAD LT for macOS | >=2022<2022.2.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| Autodesk Design Review 2011 | =2018 | |
| Autodesk Design Review 2011 | =2018-hotfix | |
| Autodesk Design Review 2011 | =2018-hotfix2 | |
| Autodesk Design Review 2011 | =2018-hotfix3 | |
| Autodesk DWG TrueView | >=2019<2019.1.4 | |
| Autodesk DWG TrueView | >=2020<2020.1.5 | |
| Autodesk DWG TrueView | >=2021<2021.1.2 | |
| Autodesk DWG TrueView | >=2022<2022.1.1 | |
| Autodesk Fusion 360 | >=2.0.10356<2.0.11405 | |
| Autodesk Infrastructure Parts Editor | >=2019<2019.2.2 | |
| Autodesk Infrastructure Parts Editor | >=2020<2020.0.2 | |
| Autodesk Infrastructure Parts Editor | =2021 | |
| Autodesk Infrastructure Parts Editor | =2022 | |
| Autodesk InfraWorks | >=2019<2019.3 | |
| Autodesk InfraWorks | >=2020<2020.2 | |
| Autodesk InfraWorks | >=2021<2021.2 | |
| Autodesk InfraWorks | =2019.3 | |
| Autodesk InfraWorks | =2019.3-hotfix_1 | |
| Autodesk InfraWorks | =2019.3-hotfix_2 | |
| Autodesk InfraWorks | =2019.3-hotfix_3 | |
| Autodesk InfraWorks | =2020.2 | |
| Autodesk InfraWorks | =2020.2-hotfix_1 | |
| Autodesk InfraWorks | =2020.2-hotfix_2 | |
| Autodesk InfraWorks | =2021.2 | |
| Autodesk InfraWorks | =2021.2-hotfix_1 | |
| Autodesk InfraWorks | =2021.2-hotfix_2 | |
| Autodesk InfraWorks | =2022.0 | |
| Autodesk InfraWorks | =2022.0-hotfix_1 | |
| Autodesk InfraWorks | =2022.1 | |
| Autodesk Inventor | >=2019<2019.6 | |
| Autodesk Inventor | >=2020<2020.5 | |
| Autodesk Inventor | >=2021<2021.4 | |
| Autodesk Inventor | >=2022<2022.2 | |
| Autodesk Navisworks | >=2019<2019.7 | |
| Autodesk Navisworks | >=2020<2020.5 | |
| Autodesk Navisworks | >=2021<2021.4 | |
| Autodesk Navisworks | >=2022<2022.2 | |
| Autodesk Revit Architecture | >=2019<2019.2.4 | |
| Autodesk Revit Architecture | >=2020<2020.2.6 | |
| Autodesk Revit Architecture | >=2021<2021.1.5 | |
| Autodesk Revit Architecture | =2022 | |
| Autodesk Storm and Sanitary Analysis | >=2020<2020.3.1 | |
| Autodesk Storm and Sanitary Analysis | >=2021<2021.3.1 | |
| Autodesk Storm and Sanitary Analysis | =2019 | |
| Autodesk Storm and Sanitary Analysis | =2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-40165?
CVE-2021-40165 is rated as a critical vulnerability due to its potential to allow arbitrary code execution.
Which software versions are affected by CVE-2021-40165?
CVE-2021-40165 affects various versions of Autodesk software, including AutoCAD, AutoCAD LT, and others, up to specified versions from 2019 to 2022.
How do I fix CVE-2021-40165?
To fix CVE-2021-40165, update your Autodesk software to the latest version provided by Autodesk to mitigate the vulnerability.
What type of files can exploit CVE-2021-40165?
CVE-2021-40165 can be exploited through maliciously crafted TIFF, PICT, TGA, or RLC files.
What should I do if I cannot update my software for CVE-2021-40165?
If you cannot update your software for CVE-2021-40165, avoid opening any untrusted TIFF, PICT, TGA, or RLC files to mitigate risk.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/autodesk
- canonical/autocad
- version/autocad/2019
- version/autocad/2020
- version/autocad/2021
- version/autocad/2022
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2019
- version/autodesk autocad advance steel/2020
- version/autodesk autocad advance steel/2021
- version/autodesk autocad advance steel/2022
- canonical/autodesk civil 3d
- version/autodesk civil 3d/2019
- version/autodesk civil 3d/2020
- version/autodesk civil 3d/2021
- version/autodesk civil 3d/2022
- canonical/autocad lt
- version/autocad lt/2019
- version/autocad lt/2020
- canonical/autodesk autocad lt for macos
- version/autodesk autocad lt for macos/2020
- version/autocad lt/2021
- version/autodesk autocad lt for macos/2021
- version/autocad lt/2022
- version/autodesk autocad lt for macos/2022
- canonical/autodesk design review 2011
- version/autodesk design review 2011/2018
- version/autodesk design review 2011/2018-hotfix
- version/autodesk design review 2011/2018-hotfix2
- version/autodesk design review 2011/2018-hotfix3
- canonical/autodesk dwg trueview
- version/autodesk dwg trueview/2019
- version/autodesk dwg trueview/2020
- version/autodesk dwg trueview/2021
- version/autodesk dwg trueview/2022
- canonical/autodesk fusion 360
- version/autodesk fusion 360/2.0.10356
- canonical/autodesk infrastructure parts editor
- version/autodesk infrastructure parts editor/2019
- version/autodesk infrastructure parts editor/2020
- version/autodesk infrastructure parts editor/2021
- version/autodesk infrastructure parts editor/2022
- canonical/autodesk infraworks
- version/autodesk infraworks/2019
- version/autodesk infraworks/2020
- version/autodesk infraworks/2021
- version/autodesk infraworks/2019.3
- version/autodesk infraworks/2019.3-hotfix_1
- version/autodesk infraworks/2019.3-hotfix_2
- version/autodesk infraworks/2019.3-hotfix_3
- version/autodesk infraworks/2020.2
- version/autodesk infraworks/2020.2-hotfix_1
- version/autodesk infraworks/2020.2-hotfix_2
- version/autodesk infraworks/2021.2
- version/autodesk infraworks/2021.2-hotfix_1
- version/autodesk infraworks/2021.2-hotfix_2
- version/autodesk infraworks/2022.0
- version/autodesk infraworks/2022.0-hotfix_1
- version/autodesk infraworks/2022.1
- canonical/autodesk inventor
- version/autodesk inventor/2019
- version/autodesk inventor/2020
- version/autodesk inventor/2021
- version/autodesk inventor/2022
- canonical/autodesk navisworks
- version/autodesk navisworks/2019
- version/autodesk navisworks/2020
- version/autodesk navisworks/2021
- version/autodesk navisworks/2022
- canonical/autodesk revit architecture
- version/autodesk revit architecture/2019
- version/autodesk revit architecture/2020
- version/autodesk revit architecture/2021
- version/autodesk revit architecture/2022
- canonical/autodesk storm and sanitary analysis
- version/autodesk storm and sanitary analysis/2020
- version/autodesk storm and sanitary analysis/2021
- version/autodesk storm and sanitary analysis/2019
- version/autodesk storm and sanitary analysis/2022