Navisworks - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Navisworks
(Autodesk)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	24

Date	Id	Summary	Products	Score	Patch	Annotated
2022-10-07	CVE-2021-40164	A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.	Autocad, Autocad_advance_steel, Autocad_architecture, Autocad_civil_3d, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Design_review, Dwg_trueview, Fusion, Infrastructure_parts_editor, Infraworks, Inventor, Navisworks, Revit, Storm_and_sanitary_analysis	7.8
2022-10-07	CVE-2021-40166	A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.	Autocad, Autocad_advance_steel, Autocad_architecture, Autocad_civil_3d, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Design_review, Dwg_trueview, Fusion, Infrastructure_parts_editor, Infraworks, Inventor, Navisworks, Revit, Storm_and_sanitary_analysis	7.8
2022-06-21	CVE-2022-27871	Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.	3ds_max, Advance_steel, Autocad, Autocad_architecture, Autocad_civil_3d, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Design_review, Navisworks, Revit	7.8
2022-06-21	CVE-2022-27872	A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.	Navisworks	7.8
2021-12-23	CVE-2021-40160	PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.	Advance_steel, Autocad, Autocad_architecture, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Civil_3d, Design_review, Navisworks, Revit	7.8
2022-04-11	CVE-2022-25790	A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.	Advance_steel, Autocad, Autocad_architecture, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Civil_3d, Navisworks	7.8
2022-04-11	CVE-2022-25791	A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.	Advance_steel, Autocad, Autocad_architecture, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Civil_3d, Navisworks	7.8
2022-04-11	CVE-2022-27528	A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.	Navisworks	7.8
2022-04-11	CVE-2022-25792	A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.	Advance_steel, Autocad, Autocad_architecture, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Civil_3d, Navisworks	7.8
2022-04-11	CVE-2022-25796	A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.	Navisworks	7.8