CVE-2023-27911: Buffer Overflow
First published: Mon Apr 17 2023(Updated: )
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk FBX Software Development Kit | >=2020.0<2020.3.4 | |
| =17.2 | ||
| =5 | ||
| =15.9 | ||
| =3 | ||
| =17.4 | ||
| =16.11 | ||
| =17.0 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-27911?
CVE-2023-27911 is a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior.
Which software is affected by CVE-2023-27911?
Visual Studio 2022 (version 17.2), Visual Studio 2017 (includes 15.0 - 15.8), Visual Studio 2015, Visual Studio 2022 (version 17.4), Visual Studio 2022 (version 17.0), Visual Studio 2013, Visual Studio 2019 (includes 16.0 - 16.10), Office LTSC 2021 for 32-bit editions, Office 2019 for 64-bit editions, Office LTSC 2021 for 64-bit editions, Microsoft 365 Apps for Enterprise (x86), Office 2019 for 32-bit editions, Microsoft 365 Apps for Enterprise (x86_64), and Microsoft 3D Viewer are affected by CVE-2023-27911.
What is the severity of CVE-2023-27911?
CVE-2023-27911 has a severity rating of high (7).
How can I fix CVE-2023-27911 for Visual Studio 2022 (version 17.2)?
You can find the necessary patches or updates for Visual Studio 2022 (version 17.2) at [this URL](https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2).
How can I fix CVE-2023-27911 for Visual Studio 2019 (includes 16.0 - 16.10)?
You can find the necessary patches or updates for Visual Studio 2019 (includes 16.0 - 16.10) at [this URL](https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/msrc-cve
- source/Microsoft
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/msrc
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft visual studio 2022
- version/microsoft visual studio 2022/17.2
- canonical/microsoft office 2019 for 32-bit editions
- canonical/microsoft office 2019 for 64-bit editions
- canonical/microsoft visual studio 2013
- version/microsoft visual studio 2013/5
- canonical/microsoft visual studio 2017 (includes 15.0 - 15.8)
- version/microsoft visual studio 2017 (includes 15.0 - 15.8)/15.9
- canonical/microsoft visual studio 2015
- version/microsoft visual studio 2015/3
- version/microsoft visual studio 2022/17.4
- version/microsoft visual studio 2022/17.6
- canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
- version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
- canonical/microsoft office ltsc 2021 for 64-bit editions
- canonical/microsoft office ltsc 2021 for 32-bit editions
- version/microsoft visual studio 2022/17.0
- canonical/microsoft 3d viewer
- canonical/microsoft 365 apps for enterprise
- vendor/autodesk
- canonical/autodesk fbx software development kit
- version/autodesk fbx software development kit/2020.0