Description
A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Autodesk 3ds Max can crash when it parses a specially crafted .PAR file. The vulnerability is a NULL Pointer Dereference, as identified by CWE-476. If exploited, the application terminates, resulting in a denial‑of‑service for users of the affected software. The description does not elaborate on further confidentiality or integrity impacts.

Affected Systems

The issue affects Autodesk 3ds Max versions 2026 and 2027, as reflected by the listed CPE entries.

Risk and Exploitability

The CVSS score of 5.5 places the vulnerability in the medium severity range. EPSS score of 0.003% indicates a very low probability of exploitation, and it is not listed in the CISA KEV catalog. The likely attack vector is local: an attacker must supply a malicious .PAR file that the user or a pipeline opens with 3ds Max. Outstanding requires user interaction and the target file being received, suggesting a targeted or opportunistic scenario rather than widespread remote exploitation.

Generated by OpenCVE AI on June 3, 2026 at 16:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Autodesk’s product releases or security advisory pages for a patch that addresses the PAR file parsing issue and install it as soon as it is available.
  • Avoid opening .PAR files from untrusted or unknown sources; restrict users from importing such files in production environments.
  • Run 3ds Max in a constrained user context or isolated environment, and monitor for unexpected application crashes to detect potential exploitation attempts.

Generated by OpenCVE AI on June 3, 2026 at 16:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Title PAR File Parsing NULL Pointer Dereference in Autodesk 3ds Max
First Time appeared Autodesk
Autodesk 3ds Max
Weaknesses CWE-476
CPEs cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk 3ds Max
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

Subscriptions

Autodesk 3ds Max
cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2026-06-03T13:38:45.481Z

Reserved: 2026-04-29T17:19:10.754Z

Link: CVE-2026-7450

cve-icon Vulnrichment

Updated: 2026-05-26T18:39:56.643Z

cve-icon NVD

Status : Modified

Published: 2026-05-26T18:16:55.590

Modified: 2026-06-03T14:16:46.787

Link: CVE-2026-7450

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T16:15:22Z

Weaknesses