CVE-2021-40166: Use After Free
First published: Fri Oct 07 2022(Updated: )
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| Autodesk AutoCAD Advance Steel | >=2019<2019.1.4 | |
| Autodesk AutoCAD Advance Steel | >=2020<2020.1.5 | |
| Autodesk AutoCAD Advance Steel | >=2021<2021.1.2 | |
| Autodesk AutoCAD Advance Steel | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| Autodesk Civil 3D | >=2019<2019.1.4 | |
| Autodesk Civil 3D | >=2020<2020.1.5 | |
| Autodesk Civil 3D | >=2021<2021.1.2 | |
| Autodesk Civil 3D | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD LT | >=2019<2019.1.4 | |
| AutoCAD LT | >=2020<2020.1.5 | |
| Autodesk AutoCAD LT for macOS | >=2020<2020.3.2 | |
| AutoCAD LT | >=2021<2021.1.2 | |
| Autodesk AutoCAD LT for macOS | >=2021<2021.2.2 | |
| AutoCAD LT | >=2022<2022.1.2 | |
| Autodesk AutoCAD LT for macOS | >=2022<2022.2.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| AutoCAD | >=2019<2019.1.4 | |
| AutoCAD | >=2020<2020.1.5 | |
| AutoCAD | >=2021<2021.1.2 | |
| AutoCAD | >=2022<2022.1.2 | |
| Autodesk Design Review 2011 | =2018 | |
| Autodesk Design Review 2011 | =2018-hotfix | |
| Autodesk Design Review 2011 | =2018-hotfix2 | |
| Autodesk Design Review 2011 | =2018-hotfix3 | |
| Autodesk DWG TrueView | >=2019<2019.1.4 | |
| Autodesk DWG TrueView | >=2020<2020.1.5 | |
| Autodesk DWG TrueView | >=2021<2021.1.2 | |
| Autodesk DWG TrueView | >=2022<2022.1.1 | |
| Autodesk Fusion 360 | >=2.0.10356<2.0.11405 | |
| Autodesk Infrastructure Parts Editor | >=2019<2019.2.2 | |
| Autodesk Infrastructure Parts Editor | >=2020<2020.0.2 | |
| Autodesk Infrastructure Parts Editor | =2021 | |
| Autodesk Infrastructure Parts Editor | =2022 | |
| Autodesk InfraWorks | >=2019<2019.3 | |
| Autodesk InfraWorks | >=2020<2020.2 | |
| Autodesk InfraWorks | >=2021<2021.2 | |
| Autodesk InfraWorks | =2019.3 | |
| Autodesk InfraWorks | =2019.3-hotfix_1 | |
| Autodesk InfraWorks | =2019.3-hotfix_2 | |
| Autodesk InfraWorks | =2019.3-hotfix_3 | |
| Autodesk InfraWorks | =2020.2 | |
| Autodesk InfraWorks | =2020.2-hotfix_1 | |
| Autodesk InfraWorks | =2020.2-hotfix_2 | |
| Autodesk InfraWorks | =2021.2 | |
| Autodesk InfraWorks | =2021.2-hotfix_1 | |
| Autodesk InfraWorks | =2021.2-hotfix_2 | |
| Autodesk InfraWorks | =2022.0 | |
| Autodesk InfraWorks | =2022.0-hotfix_1 | |
| Autodesk InfraWorks | =2022.1 | |
| Autodesk Inventor | >=2019<2019.6 | |
| Autodesk Inventor | >=2020<2020.5 | |
| Autodesk Inventor | >=2021<2021.4 | |
| Autodesk Inventor | >=2022<2022.2 | |
| Autodesk Navisworks | >=2019<2019.7 | |
| Autodesk Navisworks | >=2020<2020.5 | |
| Autodesk Navisworks | >=2021<2021.4 | |
| Autodesk Navisworks | >=2022<2022.2 | |
| Autodesk Revit Architecture | >=2019<2019.2.4 | |
| Autodesk Revit Architecture | >=2020<2020.2.6 | |
| Autodesk Revit Architecture | >=2021<2021.1.5 | |
| Autodesk Revit Architecture | =2022 | |
| Autodesk Storm and Sanitary Analysis | >=2020<2020.3.1 | |
| Autodesk Storm and Sanitary Analysis | >=2021<2021.3.1 | |
| Autodesk Storm and Sanitary Analysis | =2019 | |
| Autodesk Storm and Sanitary Analysis | =2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-40166?
CVE-2021-40166 has a severity rating classified as high due to its potential to allow arbitrary code execution.
How do I fix CVE-2021-40166?
To fix CVE-2021-40166, users should update their Autodesk software to the latest versions that contain the necessary security patches.
Which Autodesk products are affected by CVE-2021-40166?
CVE-2021-40166 affects multiple Autodesk products, including various versions of AutoCAD, Civil 3D, and Revit.
Can CVE-2021-40166 be exploited remotely?
Yes, CVE-2021-40166 can be exploited remotely if a user opens a maliciously crafted PNG file.
What can attackers achieve with CVE-2021-40166?
Attackers can exploit CVE-2021-40166 to execute arbitrary code on the affected system, potentially leading to full control.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/autodesk
- canonical/autocad
- version/autocad/2019
- version/autocad/2020
- version/autocad/2021
- version/autocad/2022
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2019
- version/autodesk autocad advance steel/2020
- version/autodesk autocad advance steel/2021
- version/autodesk autocad advance steel/2022
- canonical/autodesk civil 3d
- version/autodesk civil 3d/2019
- version/autodesk civil 3d/2020
- version/autodesk civil 3d/2021
- version/autodesk civil 3d/2022
- canonical/autocad lt
- version/autocad lt/2019
- version/autocad lt/2020
- canonical/autodesk autocad lt for macos
- version/autodesk autocad lt for macos/2020
- version/autocad lt/2021
- version/autodesk autocad lt for macos/2021
- version/autocad lt/2022
- version/autodesk autocad lt for macos/2022
- canonical/autodesk design review 2011
- version/autodesk design review 2011/2018
- version/autodesk design review 2011/2018-hotfix
- version/autodesk design review 2011/2018-hotfix2
- version/autodesk design review 2011/2018-hotfix3
- canonical/autodesk dwg trueview
- version/autodesk dwg trueview/2019
- version/autodesk dwg trueview/2020
- version/autodesk dwg trueview/2021
- version/autodesk dwg trueview/2022
- canonical/autodesk fusion 360
- version/autodesk fusion 360/2.0.10356
- canonical/autodesk infrastructure parts editor
- version/autodesk infrastructure parts editor/2019
- version/autodesk infrastructure parts editor/2020
- version/autodesk infrastructure parts editor/2021
- version/autodesk infrastructure parts editor/2022
- canonical/autodesk infraworks
- version/autodesk infraworks/2019
- version/autodesk infraworks/2020
- version/autodesk infraworks/2021
- version/autodesk infraworks/2019.3
- version/autodesk infraworks/2019.3-hotfix_1
- version/autodesk infraworks/2019.3-hotfix_2
- version/autodesk infraworks/2019.3-hotfix_3
- version/autodesk infraworks/2020.2
- version/autodesk infraworks/2020.2-hotfix_1
- version/autodesk infraworks/2020.2-hotfix_2
- version/autodesk infraworks/2021.2
- version/autodesk infraworks/2021.2-hotfix_1
- version/autodesk infraworks/2021.2-hotfix_2
- version/autodesk infraworks/2022.0
- version/autodesk infraworks/2022.0-hotfix_1
- version/autodesk infraworks/2022.1
- canonical/autodesk inventor
- version/autodesk inventor/2019
- version/autodesk inventor/2020
- version/autodesk inventor/2021
- version/autodesk inventor/2022
- canonical/autodesk navisworks
- version/autodesk navisworks/2019
- version/autodesk navisworks/2020
- version/autodesk navisworks/2021
- version/autodesk navisworks/2022
- canonical/autodesk revit architecture
- version/autodesk revit architecture/2019
- version/autodesk revit architecture/2020
- version/autodesk revit architecture/2021
- version/autodesk revit architecture/2022
- canonical/autodesk storm and sanitary analysis
- version/autodesk storm and sanitary analysis/2020
- version/autodesk storm and sanitary analysis/2021
- version/autodesk storm and sanitary analysis/2019
- version/autodesk storm and sanitary analysis/2022