Description
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Published: 2026-02-04
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution
Action: Patch Immediately
AI Analysis

Impact

A malformed GIF file can trigger a stack-based buffer overflow when parsed by Autodesk 3ds Max, allowing an attacker to run arbitrary code within the application's process. The vulnerability falls under CWE-787 and is rated high severity with a CVSS score of 7.8.

Affected Systems

Autodesk 3ds Max is the affected product. The advisory does not specify all vulnerable versions, but references indicate issues in the 2026 release line. Users of any 3ds Max version that has not yet applied the latest patch are potentially affected.

Risk and Exploitability

Based on the description, it is inferred that an attacker would need to craft a malicious GIF and convince a user to open it in 3ds Max, implying a local or user-initiated attack vector. The CVSS score reflects a significant risk, but the EPSS score is less than 1% and the vulnerability is not listed in KEV, suggesting low exploitation probability at present. No public exploit code has been disclosed, but the vulnerability can lead to full code execution under the current user's privileges.

Generated by OpenCVE AI on April 18, 2026 at 13:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Autodesk 3ds Max patch released in advisory adsk-sa-2026-0002.
  • Upgrade to the latest available 3ds Max version that includes the fix for GIF parsing.
  • If an update is not immediately possible, restrict the application’s ability to process GIF files or remove any plug‑ins that import GIF images until a patch is applied.
  • Implement user training and file‑type restrictions to prevent opening malicious GIF files from untrusted sources.

Advisories

No advisories yet.

History

Thu, 05 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:autodesk:3ds_max:*:*:*:*:*:*:*:*

Wed, 04 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Feb 2026 18:30:00 +0000

Type Values Removed Values Added
Description A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Title GIF File Parsing Stack Based Buffer Overflow
First Time appeared Autodesk
Autodesk 3ds Max
Weaknesses CWE-787
CPEs cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk 3ds Max
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2026-02-26T15:04:18.760Z

Reserved: 2025-12-23T07:15:48.479Z

Link: CVE-2026-0536

Vulnrichment

Updated: 2026-02-04T18:37:26.026Z

NVD

Status: Analyzed

Published: 2026-02-04T19:16:14.290

Modified: 2026-02-05T22:06:39.947

Link: CVE-2026-0536

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T14:00:02Z

Weaknesses