Description
A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Published: 2026-05-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds write occurs when Autodesk 3ds Max parses a malicious TIF file, permitting memory corruption that can result in application crashes, data corruption or execution of arbitrary code in the context of the user’s current process. The CVSS score of 7.8 highlights the significance of this flaw, while the absence of an EPSS score indicates limited current exploitation data but does not diminish the potential for impact.

Affected Systems

All versions of Autodesk 3ds Max 2026 and 2027 are affected, as identified by the CNA product list. The vulnerability is triggered whenever the software processes a crafted TIF file, regardless of the end user’s privileges.

Risk and Exploitability

Moderate to high risk is indicated by a CVSS score of 7.8, and the vulnerability is not listed in CISA KEV, suggesting that publicly known exploit tooling is currently limited. The likely attack vector is local: an adversary supplies a malicious TIF file that an end user opens. No remote network component is required, so the threat surface is confined to users who open untrusted TIF files within 3ds Max.

Generated by OpenCVE AI on May 26, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Autodesk 3ds Max release that includes the fix for this flaw, as referenced in the Autodesk security advisory.
  • Limit the ability of users to open unknown TIF files by enforcing file type restrictions or running the 3ds Max process in a sandboxed environment to contain potential code execution.
  • Maintain an up-to-date subscription to Autodesk security bulletins and monitor the vendor’s website so that patches can be applied promptly when they become available.

Advisories

No advisories yet.

History

Tue, 26 May 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 26 May 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
| Title | | TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max |
| First Time appeared | | Autodesk; Autodesk 3ds Max |
| Weaknesses | | CWE-787 |
| CPEs | | cpe:2.3:a:autodesk:3ds_max:2026:\*:\*:\*:\*:\*:\*:\*; cpe:2.3:a:autodesk:3ds_max:2027:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Autodesk; Autodesk 3ds Max |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2026-05-27T03:55:53.580Z

Reserved: 2026-04-29T17:19:11.566Z

Link: CVE-2026-7451

Vulnrichment

Updated: 2026-05-26T18:39:42.666Z

NVD

Status: Analyzed

Published: 2026-05-26T18:16:55.757

Modified: 2026-05-26T20:41:34.313

Link: CVE-2026-7451

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T20:00:12Z

Weaknesses