AutoDesk 3ds Max
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in AutoDesk 3ds Max.
By the Year
In 2026 there have been 7 vulnerabilities in AutoDesk 3ds Max with an average score of 7.8 out of ten. Last year, in 2025 3ds Max had 6 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2026 as compared to last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2026 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 7.80 |
| 2025 | 6 | 7.80 |
| 2024 | 1 | 0.00 |
| 2023 | 1 | 7.80 |
| 2022 | 4 | 7.80 |
It may take a day or so for new 3ds Max vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent AutoDesk 3ds Max Security Vulnerabilities
Stack Overflow via Malicious GIF in Autodesk 3ds Max
CVE-2026-0536
7.8 - High
- February 04, 2026
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Untrusted Search Path in Autodesk 3ds Max triggers arbitrary code exec
CVE-2026-0662
7.8 - High
- February 04, 2026
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
Untrusted Path
Autodesk 3ds Max GIF Stack Buffer Overflow CVE-2026-0660
CVE-2026-0660
7.8 - High
- February 04, 2026
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Stack Overflow
Memory Corruption in Autodesk 3ds Max via RGB File
CVE-2026-0661
7.8 - High
- February 04, 2026
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3ds Max RGB Parser Memory Corruption Code Execution
CVE-2026-0537
7.8 - High
- February 04, 2026
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3ds Max GIF OOB Write Enables Arbitrary Code Exec
CVE-2026-0538
7.8 - High
- February 04, 2026
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Arnold/3ds Max OOB Write via Malicious USD
CVE-2026-0659
7.8 - High
- February 04, 2026
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3ds Max OOB Write via malicious MODEL file
CVE-2025-10899
7.8 - High
- December 15, 2025
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Use-After-Free in Autodesk 3ds Max DWG Parser allows arbitrary code exec
CVE-2025-11797
7.8 - High
- November 12, 2025
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Dangling pointer
Autodesk 3ds Max OOB Write via Malformed JPG (CVE-2025-11795)
CVE-2025-11795
7.8 - High
- November 12, 2025
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Memory Corruption RCE via Malicious TGA in Autodesk 3ds Max
CVE-2025-6634
7.8 - High
- August 06, 2025
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max OOB Read via PSD Import
CVE-2025-6632
7.8 - High
- August 06, 2025
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autodesk 3ds Max OOB Write via Malicious RBG File
CVE-2025-6633
7.8 - High
- August 06, 2025
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Autodesk 3ds Max OOB Read/Write via Malformed 3DM Files
CVE-2024-23143
- June 25, 2024
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
SketchUp Use-After-Free via Malicious SKP (CVE-2023-25002)
CVE-2023-25002
7.8 - High
- June 27, 2023
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Dangling pointer
Stack Buffer Overflow in 3ds Max ActionScript Bytecode Parser Enables Code Exec
CVE-2022-25793
7.8 - High
- August 10, 2022
A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.
Improper Validation of Specified Quantity in Input
Autodesk AutoCAD product suite
CVE-2022-27871
7.8 - High
- June 21, 2022
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Allocation of Resources Without Limits or Throttling
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files
CVE-2022-27532
7.8 - High
- June 16, 2022
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.
Memory Corruption
A maliciously crafted TIF file
CVE-2022-27531
7.8 - High
- June 16, 2022
A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for AutoDesk 3ds Max or by AutoDesk? Click the Watch button to subscribe.
