Advisory Details

February 10th, 2022

Autodesk Inventor JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZDI-22-283
ZDI-CAN-15669

CVE ID CVE-2021-40158
CVSS SCORE 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
AFFECTED VENDORS Autodesk
AFFECTED PRODUCTS Inventor
VULNERABILITY DETAILS

same as ZDI-CAN-15617

ADDITIONAL DETAILS Autodesk has issued an update to correct this vulnerability. More details can be found at:
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002
DISCLOSURE TIMELINE
  • 2021-10-29 - Vulnerability reported to vendor
  • 2022-02-10 - Coordinated public release of advisory
CREDIT Mat Powell of Trend Micro Zero Day Initiative