ADSK-SA-2024-AUTODESK-USER-ACCOUNTS
As a courtesy, Autodesk is informing its customers of a general uptick in third-party threat activity, in which suspected threat actors seemingly target media and entertainment organizations. We have found no evidence that t
2024-08-30
ADSK-SA-2024-CROWDSTRIKE-UPDATE
On July 18th, a worldwide outage of Microsoft Windows computers was caused by an update from CrowdStrike for its Falcon Sensor product which is used for endpoint protection. Per CrowdStrike, this outage is not a cyberattack.
2024-07-19
ADSK-SA-2024-0023
Autodesk desktop applications utilizing the Autodesk Installer have been affected by an insecure temporary file vulnerability that allows a non-admin user to escalate their privileges. Exploitation of this vulnerability can lead to code execution.
2024-11-14
ADSK-SA-2024-0022
Autodesk VRED Design is affected by an untrusted search path vulnerability listed below. Exploitation of this vulnerability may lead to code execution.
2024-11-05
ADSK-SA-2024-0021
Autodesk AutoCAD and certain Autodesk desktop products are affected by Out-of-Bounds Write and Stack-based Buffer Overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
2024-10-29
ADSK-SA-2024-0020
Autodesk AutoCAD and certain AutoCAD-based products are affected by the vulnerability listed below. Exploitation of this vulnerability may lead to code execution.
2024-10-29
ADSK-SA-2024-0019
Autodesk AutoCAD and certain AutoCAD-based products are affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities may lead to code execution.
2024-10-29
ADSK-SA-2024-0018
Autodesk Revit is affected by a PDF file parsing vulnerability. Exploitation of this vulnerability requires user interaction and may lead to remote code execution.
2024-10-15
ADSK-SA-2024-0017
Autodesk Revit is affected by a file parsing vulnerability. Exploitation of this vulnerability requires user interaction and may lead to remote code execution.
2024-10-15
ADSK-SA-2024-0016
Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices.
2024-10-02
ADSK-SA-2024-0015
Autodesk Navisworks is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities may lead to remote code execution.
2024-09-29
ADSK-SA-2024-0014
Autodesk AutoCAD and certain AutoCAD-based products are affected by an Out-of-Bounds Write vulnerability. Exploitation of this vulnerability may lead to code execution.
2024-08-19
ADSK-SA-2024-0013
Autodesk Revit is affected by a Stack-based Overflow vulnerability. Exploitation of this vulnerability requires user interaction and may lead to code execution.
2024-08-20
ADSK-SA-2024-0012
Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes ar
2024-07-16
ADSK-SA-2024-0011
A Python-based exploit has been identified in Autodesk Maya and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code. Exploitation of this vulnera
2024-06-17
ADSK-SA-2024-0010
Autodesk AutoCAD and certain AutoCAD-based products are affected by Out-of-Bounds Write, Out-of-Bounds Read, Heap-based Overflow, Use-After-Free, Memory Corruption, and Uninitialized Variable vulnerabilities. Exploitation of
2024-06-17
ADSK-SA-2024-0009
Autodesk AutoCAD and certain AutoCAD-based products are being affected by Out-of-Bounds Write, Out-of-Bounds Read, Heap based Overflow, Stack-based Overflow, Use-After-Free, Memory Corruption, Double Free, and Uninitialized
2024-05-31
ADSK-SA-2024-0008
Autodesk’s InfraWorks has been affected by third-party component vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service to the software and user devices.
2024-05-15
ADSK-SA-2024-0007
Autodesk is aware of the XZ security vulnerabilities. Refer to our security advisory for a comprehensive list of potentially impacted Autodesk products and services, along with our current recommendations.
2024-04-08
ADSK-SA-2024-0006
Autodesk DWG TrueView product has been affected by a Stack-based Overflow vulnerability.
2024-03-14
ADSK-SA-2024-0005
Applications and services utilizing the Autodesk FBX Review software have been affected by an Out-Of-Bounds Write vulnerability. Exploitation of this vulnerability may lead to code execution.
2024-03-14
ADSK-SA-2024-0004
Autodesk AutoCAD and certain AutoCAD-based products may be affected by Out-of-Bounds write, Stack-based Overflow, Heap based Overflow, Use-After-Free, Memory Corruption, Untrusted Pointer Dereference, Heap-based Buffer Overf
2024-02-29
ADSK-SA-2024-0003
Autodesk Desktop Licensing Service has been affected by a reachable assertion vulnerability detailed below. Exploitation of this vulnerability could lead to denial of service due to multiple assertions.
2024-02-22
ADSK-SA-2024-0002
ZDI published zero-day vulnerabilities on February 12th for versions of Autodesk AutoCAD products. Fixes for these vulnerabilities will be issued for affected versions of AutoCAD in an upcoming release. Please note, this adv
2024-02-14
ADSK-SA-2024-0001
Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes ar
2024-01-31
ADSK-SA-2023-0024
Autodesk InfoWorks WS Pro and InfoWorks ICM have been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial of service to the software and
2023-12-22
ADSK-SA-2023-0023
Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.
2023-12-05
ADSK-SA-2023-0022
Autodesk Desktop Licensing Service has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.
2023-11-27
ADSK-SA-2023-0021
Autodesk has revoked the certificate on August 5th for all software code signed after July 10, 2022 (00:00 GMT). Autodesk has issued updates signed using a new digital certificate for AutoCAD-based products. Please note, onl
2023-11-15
ADSK-SA-2023-0020
This advisory is about access to support case data via the Autodesk Customer Portal for all Autodesk products.
2023-10-19
ADSK-SA-2023-0019
Applications and services utilizing Autodesk Civil 3D have been affected by a LibXml2 vulnerability.
2023-08-29
ADSK-SA-2023-0018
Autodesk AutoCAD and certain AutoCAD-based products have been affected by Out-of-Bounds Write, Heap-based Buffer Overflow, Untrusted Pointer Dereference, and Memory Corruption vulnerabilities.
2023-08-24
ADSK-SA-2023-0017
Autodesk® applications and services that utilize the PSKernel Component may be affected by Out-of-Bounds Read, Integer Overflow and Memory Corruption Write vulnerabilities. Exploitation of these vulnerabilities may lead to c
2023-07-27
ADSK-SA-2023-0016
Autodesk FeatureCAM software has been affected by Memory Corruption vulnerabilities. Exploitation of these vulnerabilities may lead to code execution and/or denial-of-service. Autodesk
2023-06-23
ADSK-SA-2023-0015
Autodesk products leveraging internal components, Autodesk Material Management, and those implicitly importing vulnerable versions of expat and libcurl may be impacted by Out-of-bound Write, Use-After-Free, Information Disclos
2023-06-23
ADSK-SA-2023-0014
Applications and services utilizing Autodesk Civil3D have been affected by an SQLite vulnerability.
2023-06-20
ADSK-SA-2023-0013
Applications and services utilizing the Autodesk Desktop Connector have been affected by a Privilege Escalation vulnerability.
2023-06-19
ADSK-SA-2023-0012
Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes ar
2023-06-14
ADSK-SA-2023-0011
Autodesk® Desktop Licensing Installer has been affected by privilege escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.
2023-06-12
ADSK-SA-2023-0010
Applications and services utilizing the Autodesk installer have been affected by a Privilege Escalation vulnerability.
2023-04-25
ADSK-SA-2023-0009
Multiple Autodesk products have been affected by out-of-bound-read, out-of-bound-write, Integer Overflow, and Memory Corruption vulnerabilities.
2023-04-23
ADSK-SA-2023-0008
USD (Universal Scene Description) plugin for Autodesk® 3ds Max® has been affected by file-parsing uninitialized variable, use-after-free, out-of-bounds read, and out-of-bounds write vulnerabilities.
2023-04-27
ADSK-SA-2023-0007
Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes
2023-04-17
ADSK-SA-2023-0006
Applications and services utilizing Autodesk InfraWorks have been affected by a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. Hotfixes are available in the Autodesk Deskt
2023-04-17
ADSK-SA-2023-0005
Multiple Autodesk® AutoCAD® and AutoCAD-based products have been affected by Out-of-Bounds Read, Integer Overflow, Stack Buffer Overflow, Memory Corruption Read, and Memory Corruption Write vulnerabilities.
2023-04-06
ADSK-SA-2023-0004
Applications and services utilizing the Autodesk® FBX® SDK software have been affected by Out-Of-Bounds Write and Stack Buffer Overflow vulnerabilities. Exploitation of these vulnerabilities may lead to information disclo
2023-03-29
ADSK-SA-2023-0003
USD (Universal Scene Description) plugin for Autodesk® Maya® has been affected by file uninitialized variable, out-of-bounds read, and out-of-bounds write vulnerabilities.
2023-03-29
ADSK-SA-2023-0002
Applications and services that utilize Sketchup components used by Autodesk products may be impacted by a Use-after-free vulnerability.
2023-03-25
ADSK-SA-2023-0001
Autodesk® InfoWorks® WS Pro and InfoWorks® ICM were affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and us
2023-03-03
ADSK-SA-2022-0025
Applications and services that utilize the Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap-based Overflow, Out-of-bound Write, Memory corruption, and Use-after-free vulnerabilities
2022-12-14
ADSK-SA-2022-0024
DWG TrueView™ product has been affected by a Search Order Hijacking vulnerability.
2022-11-15
ADSK-SA-2022-0023
Autodesk products leveraging the third-party component Zlib, and those implicitly importing vulnerable versions of Zlib, may be impacted by an Out-of-bound Write vulnerability.
2022-09-23
ADSK-SA-2022-0022
Applications and services utilizing the Autodesk® FBX® SDK software have been affected by Out-Of-Bounds Read, Out-Of-Bounds Write, and Use-After-Free vulnerabilities. Exploitation of these vulnerabilities may lead to code
2022-09-14
ADSK-SA-2022-0021
Applications and Services that utilize Autodesk Design Review and AutoCAD products may be affected by Heap Based Overflow and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to remote code
2022-09-22
ADSK-SA-2022-0020
Multiple Autodesk AutoCAD, AutoCAD-based products, and Maya have been affected by Out-of-bound Read, Out-of-bound Write, Use of Uninitialized Variable, Heap based Buffer Overflow, and Memory Corruption vulnerabilities.
2022-09-22
ADSK-SA-2022-0017
Autodesk products leveraging internal components, Autodesk Material Management and thus implicitly importing vulnerable versions of expat and libcurl may be impacted by Out-of-bound Read, Use-After-Free, NULL Pointer Dereferen
2022-07-28
ADSK-SA-2022-0016
Autodesk products and dependent applications and services using the OpenSSL component may be impacted by Loop with Unreachable Exit Condition ('Infinite Loop') vulnerabilities. Exploitation of these vulnerabilities may lead to code
2022-07-28
ADSK-SA-2022-0015
Autodesk® desktop app (ADA) product has been affected by an Improper Privilege Management vulnerability detailed below. Exploitation of this vulnerability may lead to code execution and/or denial-of-service to the software
2022-07-22
ADSK-SA-2022-0014
Multiple Autodesk products have been affected by an Out-of-bound Read vulnerability.
2022-07-14
ADSK-SA-2022-0013
Autodesk® Fusion 360® has been affected by XML External Entities (XXE) vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user
2022-06-13
ADSK-SA-2022-0012
Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes
2022-06-03
ADSK-SA-2022-0011
Applications and Services that utilize versions of PDFTron prior to 9.1.17 may be impacted by Heap-based Buffer Overflow, and Untrusted Pointer Dereference vulnerabilities.
2022-05-25
ADSK-SA-2022-0010
Applications and services that utilize Autodesk 3ds Max may be affected by Out-of-bound Read/Write vulnerabilities. Exploitation of these vulnerabilities may lead to remote code execution.
2022-05-04
ADSK-SA-2022-0009
Applications and Services that utilize Autodesk Design Review may be affected by Double Free, and Out-of-bound Read/Write vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution.
2022-04-28
ADSK-SA-2022-0008
Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes
2022-04-20
ADSK-SA-2022-0007
Applications and Services that utilize certain Autodesk products are affected by Out-of-bounds Read, Out-of-bounds Write, untrusted pointer Dereference, and memory corruption vulnerabilities. Exploitation of these vulnerabil
2022-02-28
ADSK-SA-2022-0006
Applications and services utilizing the Autodesk FBX Review have been affected by an Out-Of-Bounds Read vulnerability. Exploitation of this vulnerability may lead to code execution and/or denial-of-service.
2022-02-28
ADSK-SA-2022-0005
Multiple Autodesk products have been affected by Use After Free, Out-of-bound-write, Stack-based Buffer, Memory Corruption, and Buffer Overflow vulnerabilities.
2022-02-28
ADSK-SA-2022-0004
Applications and services that utilize Autodesk Design Review, Advance Steel, Civil 3D® and AutoCAD products may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, and Type Confusion vulnerab
2022-01-14
ADSK-SA-2022-0003
Applications and Services that utilize the Log4net.dll earlier than 2.0.10 version can be impacted by Improper Restriction of XML External Entity Reference ('XXE') vulnerabilities.
2022-01-12
ADSK-SA-2022-0002
Applications and Services that utilize certain Autodesk products may be affected by Out-of-bounds Read, Out-of-bounds Write, and Information disclosure vulnerabilities. Exploitation of these vulnerabilities in conjunction wi
2022-01-12
ADSK-SA-2022-0001
Autodesk® InfraWorks® has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes
2022-01-13
ADSK-SA-2021-0012
Autodesk is aware of the Apache Log4j security vulnerabilities. Refer to the products and services list in the security advisory for the remediation status.
2021-12-23
ADSK-SA-2021-0011
Applications and Services that utilize the Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap based Overflow, Out-of-bound Write, Memory corruption, and Use-after-free vulnerabilities
2021-12-06
ADSK-SA-2021-0010
Applications and Services that utilize versions of PDFTron prior to 9.0.7 may be impacted by out-of-bound read and memory corruption vulnerabilities.
2021-12-06
ADSK-SA-2021-0009
Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read and Out-of-bounds Write vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.
2021-09-13
ADSK-SA-2021-0008
Applications and Services that utilize Autodesk Navisworks may be affected by Out-of-bounds Read and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to code execution.
2021-09-13
ADSK-SA-2021-0007
Autodesk® Infrastructure Parts Editor has been affected by third party component vulnerabilities. Exploitation of these vulnerabilities could lead to code execution and/or denial-of-service.
2021-08-31
ADSK-SA-2021-0006
A variant of a MAXScript exploit "MSCPROP.DLL" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.
2021-07-15
ADSK-SA-2021-0005
Autodesk® InfraWorks has been affected by multiple vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service to the software and user devices.
2021-06-18
ADSK-SA-2021-0004
Applications and Services that utilize Autodesk AutoCAD products are affected by Out-of-bound Read, Out-of-bound Write, and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to arbitrary cod
2021-06-17
ADSK-SA-2021-0003
Applications and Services that utilize Autodesk Design Review may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, Type Confusion, and Uninitialized Variable vulnerabilities. Exploitation o
2021-06-14
ADSK-SA-2021-0002
Autodesk® Desktop Licensing Installer has been affected by Privilege Escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.
2021-06-14
ADSK-SA-2021-0001
Applications and Services that utilize the Autodesk FBX Review have been affected by Use-After-Free, Memory Corruption, Out-Of-Bounds Read, Untrusted Pointer Dereference, and Directory Traversal vulnerabilities. Exploitation
2021-04-15
ADSK-SA-2020-0006
Autodesk® InfraWorks has been affected by Use-After-Free and XML Entity Expansion vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.
2024-10-30
ADSK-SA-2020-0005
A variant of a MAXScript exploit "PhysXPluginMfx" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.
2020-10-08
ADSK-SA-2020-0004
Autodesk InfraWorks has been affected by heap overflow, code injection, out-of-bounds read, and stack-based buffer overflow vulnerabilities in the libcurl component.
2020-06-25
ADSK-SA-2020-0003
A third-party malicious script was identified and a fix has been made available. The script can execute malicious code that can corrupt the Maya environment, cause data loss and instability, as well as spread to other system
2020-05-20
ADSK-SA-2020-0002
Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.
2020-04-15
ADSK-SA-2020-0001
Autodesk® Dynamo BIM is affected by an improper signature validation vulnerability which may lead to code execution through maliciously crafted DLL files.
2020-04-01
ADSK-SA-2019-0005
A variant of a MAXScript exploit was identified and a fix has been made available. The exploit can execute malicious code that can corrupt the 3ds Max environment, cause data loss and instability, as well as spread to other systems.
2020-01-09
ADSK-SA-2019-0004
Autodesk Desktop Application is affected by a DLL preloading vulnerability.
2019-11-29
ADSK-SA-2019-0003
FBX is affected by a buffer overflow vulnerability which may lead to arbitrary code execution on a system running it.
2019-10-30
ADSK-SA-2019-0002
Multiple Autodesk products have been affected by DLL preloading and use-after-free vulnerabilities.
2019-08-16
ADSK-SA-2019-0001
Multiple Autodesk® AutoCAD® products have been affected by heap overflow, use-after-free, and deserialization vulnerabilities.
2019-02-14
ADSK-SA-2017-001
The Autodesk® Backburner 2016 service command line interface accepts a set of remote telnet commands. When an insufficient number of arguments is passed, it fails to handle a specific command request, which results in an unhandled Null Dereference...
2017-02-17
ADSK-SA-2016-02
Vulnerabilities were identified in the Autodesk® Design Review 2013 application that can result in arbitrary and unauthorized remote code execution.
2016-12-14
ADSK-SA-2016-01
Applications and Services that utilize the Autodesk® FBX-SDK Ver. 2017.0 or earlier for processing FBX, DXF, DAE and 3DS formatted files can be impacted by vulnerabilities related to improper memory allocation when opening malformed files.
2016-05-12