Description
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Published: 2026-02-04
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow that occurs when Autodesk 3ds Max parses a maliciously crafted GIF file. This flaw allows an attacker to execute arbitrary code with the permissions of the 3ds Max process, potentially compromising confidentiality, integrity, or availability of the host system. The weakness corresponds to CWE‑121.

Affected Systems

Autodesk 3ds Max is affected; the listed CPEs name the 2026 release as an example. All installations that support GIF image import, including the 2026 version and earlier releases, are potentially vulnerable until a patch is applied.

Risk and Exploitability

Exploitation requires an attacker to supply a malformed GIF to a user running 3ds Max, so the primary vector is a local or user‑initiated file import, although files obtained over a shared network could also be used. The CVSS score of 8.4 indicates high severity, while the EPSS score of < 1% suggests a low probability of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on June 3, 2026 at 16:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security patch for Autodesk 3ds Max referenced in the advisory at https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002.
  • If a patch is not yet available, disable or restrict the GIF import feature in 3ds Max, or run the software in a sandboxed environment to contain potential exploitation.
  • Implement network perimeter controls to block the distribution of malicious GIF files and monitor for anomalous creation or usage of large GIF files.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 14:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 06 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:autodesk:3ds_max:*:*:*:*:*:*:*:*

Wed, 04 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Title Stack Based Buffer Overflow in GIF File Parsing
First Time appeared Autodesk
Autodesk 3ds Max
Weaknesses CWE-121
CPEs cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk 3ds Max
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2026-06-03T13:37:12.813Z

Reserved: 2026-01-06T19:58:22.904Z

Link: CVE-2026-0660

Vulnrichment

Updated: 2026-02-04T16:52:36.486Z

NVD

Status: Modified

Published: 2026-02-04T17:16:12.790

Modified: 2026-06-03T14:16:32.540

Link: CVE-2026-0660

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T16:15:22Z

Weaknesses