AutoDesk 3ds Max
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in AutoDesk 3ds Max.
By the Year
In 2026 there have been 12 vulnerabilities in AutoDesk 3ds Max with an average score of 7.6 out of ten. Last year, in 2025 3ds Max had 7 security vulnerabilities published. That is, 5 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.18
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 12 | 7.62 |
| 2025 | 7 | 7.80 |
| 2024 | 1 | 0.00 |
| 2023 | 1 | 7.80 |
| 2022 | 4 | 7.80 |
It may take a day or so for new 3ds Max vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent AutoDesk 3ds Max Security Vulnerabilities
Autodesk 3ds Max WRL File Memory Corruption CVE-2026-7454
CVE-2026-7454
7.8 - High
- May 26, 2026
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Classic Buffer Overflow
3ds Max Stack Exhaustion via Malicious WRL File
CVE-2026-7453
5.5 - Medium
- May 26, 2026
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.
Stack Exhaustion
Autodesk 3ds Max WRL Memory Corruption CVE-2026-7452
CVE-2026-7452
7.8 - High
- May 26, 2026
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Classic Buffer Overflow
Autodesk 3ds Max TIF OOBW Vulnerability
CVE-2026-7451
7.8 - High
- May 26, 2026
A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3ds Max PAR File NULL Pointer Deref DoS
CVE-2026-7450
5.5 - Medium
- May 26, 2026
A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
NULL Pointer Dereference
Stack Overflow via Malicious GIF in Autodesk 3ds Max
CVE-2026-0536
7.8 - High
- February 04, 2026
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Untrusted Search Path in Autodesk 3ds Max triggers arbitrary code exec
CVE-2026-0662
7.8 - High
- February 04, 2026
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
Untrusted Path
Autodesk 3ds Max GIF Stack Buffer Overflow CVE-2026-0660
CVE-2026-0660
8.4 - High
- February 04, 2026
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Stack Overflow
Memory Corruption in Autodesk 3ds Max via RGB File
CVE-2026-0661
8.4 - High
- February 04, 2026
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3ds Max RGB Parser Memory Corruption Code Execution
CVE-2026-0537
8.4 - High
- February 04, 2026
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3ds Max GIF OOB Write Enables Arbitrary Code Exec
CVE-2026-0538
8.4 - High
- February 04, 2026
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Arnold/3ds Max OOB Write via Malicious USD
CVE-2026-0659
7.8 - High
- February 04, 2026
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3ds Max OOB Write via malicious MODEL file
CVE-2025-10899
7.8 - High
- December 15, 2025
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Use-After-Free in Autodesk 3ds Max DWG Parser allows arbitrary code exec
CVE-2025-11797
7.8 - High
- November 12, 2025
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Dangling pointer
Autodesk 3ds Max OOB Write via Malformed JPG (CVE-2025-11795)
CVE-2025-11795
7.8 - High
- November 12, 2025
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
3ds Max OOB Read via PSD Import
CVE-2025-6632
7.8 - High
- August 06, 2025
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption RCE via Malicious TGA in Autodesk 3ds Max
CVE-2025-6634
7.8 - High
- August 06, 2025
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Autodesk 3ds Max OOB Write via Malicious RBG File
CVE-2025-6633
7.8 - High
- August 06, 2025
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Autodesk App RCE via Untrusted Search Path
CVE-2025-5039
7.8 - High
- July 24, 2025
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Untrusted Path
Autodesk 3ds Max OOB Read/Write via Malformed 3DM Files
CVE-2024-23143
- June 25, 2024
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
SketchUp Use-After-Free via Malicious SKP (CVE-2023-25002)
CVE-2023-25002
7.8 - High
- June 27, 2023
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Dangling pointer
Stack Buffer Overflow in 3ds Max ActionScript Bytecode Parser Enables Code Exec
CVE-2022-25793
7.8 - High
- August 10, 2022
A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.
Improper Validation of Specified Quantity in Input
Autodesk AutoCAD product suite
CVE-2022-27871
7.8 - High
- June 21, 2022
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Allocation of Resources Without Limits or Throttling
A maliciously crafted TIF file
CVE-2022-27531
7.8 - High
- June 16, 2022
A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Out-of-bounds Read
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files
CVE-2022-27532
7.8 - High
- June 16, 2022
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for AutoDesk 3ds Max or by AutoDesk? Click the Watch button to subscribe.
