Description
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Published: 2026-02-04
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow triggered when Autodesk 3ds Max parses a maliciously crafted GIF file. This flaw allows an attacker to execute arbitrary code in the context of the 3ds Max process, compromising confidentiality, integrity, or availability of the host system. The flaw corresponds to CWE‑121.

Affected Systems

The issue affects Autodesk 3ds Max, documented for the 2026 release and likely for earlier editions that handle GIF images. No specific version numbers are listed, so all installations that process GIF files are potentially vulnerable until a patch is applied.

Risk and Exploitability

Exploitation requires an attacker to supply a malformed GIF to a user running 3ds Max, so the primary exploitation vector is a local or user‑initiated file import, although network‑shared files could also be used. The CVSS score of 7.8 indicates high severity, but the EPSS score indicates a low probability of exploitation, and the vulnerability is not yet listed in CISA’s KEV catalog. Nevertheless, the ability to run arbitrary code warrants prompt remediation.

Generated by OpenCVE AI on April 17, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the vendor's security patch for Autodesk 3ds Max that resolves the GIF parsing buffer overflow.
  • If a patch is unavailable, disable or restrict GIF import functionality in 3ds Max or isolate the software in a sandboxed environment.
  • Apply network perimeter controls to block the distribution of malicious GIF files and monitor for anomalous creation or use of large GIF files.

Advisories

No advisories yet.

History

Fri, 06 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:autodesk:3ds_max:*:*:*:*:*:*:*:*

Wed, 04 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Title Stack Based Buffer Overflow in GIF File Parsing
First Time appeared Autodesk
Autodesk 3ds Max
Weaknesses CWE-121
CPEs cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk 3ds Max
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Autodesk 3ds Max
MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2026-02-26T15:04:19.333Z

Reserved: 2026-01-06T19:58:22.904Z

Link: CVE-2026-0660

Vulnrichment

Updated: 2026-02-04T16:52:36.486Z

NVD

Status: Analyzed

Published: 2026-02-04T17:16:12.790

Modified: 2026-02-06T17:48:33.337

Link: CVE-2026-0660

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T23:30:15Z

Weaknesses