{"containers": {"cna": {"affected": [{"product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT, Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac", "vendor": "n/a", "versions": [{"status": "affected", "version": "prior to 9.0.7"}]}], "descriptions": [{"lang": "en", "value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bound Read Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-18T16:20:48.000Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2021-40160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT, Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac", "version": {"version_data": [{"version_value": "prior to 9.0.7"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bound Read Vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", "refsource": "MISC", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:27:31.871Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"}]}]}, "cveMetadata": {"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2021-40160", "datePublished": "2021-12-23T18:31:31.000Z", "dateReserved": "2021-08-27T00:00:00.000Z", "dateUpdated": "2024-08-04T02:27:31.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DCAF9B0-8B1F-4625-B04F-DECB699C9770", "versionEndExcluding": "2020.2.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9BBB8FC-C689-4DF6-B79D-248C0144A5EC", "versionEndExcluding": "2021.1.4", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A29624C7-516C-4E7E-B1FE-43ED3188BC70", "versionEndExcluding": "2022.1", "versionStartIncluding": "2022", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "70EC1A64-F7DD-4835-969F-A9051F06CB60", "versionEndExcluding": "2019.6", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB5C1908-9829-46DE-881F-57277490BE71", "versionEndExcluding": "2020.4", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE821566-76A8-43D6-9628-B82CFE9FAC19", "versionEndExcluding": "2021.3", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE0E4388-28DB-4D72-BA69-882A121C8C9A", "versionEndExcluding": "2022.1", "versionStartIncluding": "2022", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67E62F6D-C9D2-4129-A25A-468F150BA2CB", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "4104E0A8-E133-41F9-A60A-368FD2DCC1A3", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", "matchCriteriaId": "F7B0B566-F23E-4637-8611-8D055A90F421", "versionEndExcluding": "2022.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "D42D33AA-39DC-4B60-A87F-2B9A41390EDA", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2D4CB47-D77A-4ACA-A606-3E7880729E0C", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E813870A-AAB5-491F-8ECA-587432AD9935", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", "matchCriteriaId": "FF16B57E-C704-43BE-94F5-F09493257323", "versionEndExcluding": "2022.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "1172D845-0F80-45EC-95D6-911556D4032D", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "047BD11C-74A7-47AA-A593-BAACD00D2B89", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "C926403A-E06B-45A7-9693-CF0B78C7C627", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3807591-D6E0-4BB6-9573-C318A9D4EF60", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4C8F3C7-F830-4138-99BD-064F969E4929", "versionEndExcluding": "2022.1.1", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", "matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", "matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", "matchCriteriaId": "74819924-EB63-4BBF-9986-FEF6100EEE15", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "100922EF-C773-4798-B352-B16FCAD48F36", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."}, {"lang": "es", "value": "PDFTron antes de la versi\u00f3n 9.0.7 puede ser forzado a leer m\u00e1s all\u00e1 de los l\u00edmites asignados al analizar un archivo PDF malicioso. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"}], "id": "CVE-2021-40160", "lastModified": "2024-11-21T06:23:41.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-23T19:15:12.117", "references": [{"source": "psirt@autodesk.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}