AutoDesk Inventor

Out-of-Bounds Write in Autodesk Inventor via Malicious CATPART File
CVE-2026-0874 7.8 - High - February 18, 2026

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Inventor OOB Write via Malicious CATPART
CVE-2025-10884 7.8 - High - December 15, 2025

AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Inventor: SLDPRT Memory Corruption Enables Remote Code Execution
CVE-2025-9456 7.8 - High - December 15, 2025

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Inventor OOB Write via Malicious PRT (CVE-2025-6631)
CVE-2025-6631 7.8 - High - July 29, 2025

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Autodesk Inventor OOB Write in PRT Parser (CVE-2025-6637)
CVE-2025-6637 7.8 - High - July 29, 2025

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Autodesk App RCE via Untrusted Search Path
CVE-2025-5039 7.8 - High - July 24, 2025

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

Autodesk DWG OOB Write via Malicious DWG
CVE-2025-1276 7.8 - High - April 15, 2025

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Heap Overflow in Autodesk Inventor via ODXSW_DLL.dll SLDPRT
CVE-2024-23154 - June 25, 2024

A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Inventor STP File Memory Corrupt via ASMIMPORT DLL - CVE-2024-23131
CVE-2024-23131 - February 22, 2024

A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Memory Corruption via Malicious File in pskernel.dll (Code Exec)
CVE-2023-29068 7.8 - High - June 27, 2023

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Memory Corruption

Autodesk pskernel.dll Integer Overflow -> Code Execution
CVE-2023-25004 7.8 - High - June 27, 2023

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

Integer Overflow or Wraparound

Autodesk AutoCAD/Maya pskernel.dll OOB Read/Write Code Exec
CVE-2023-25003 7.8 - High - June 23, 2023

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.

Out-of-bounds Read

Autodesk Image Processing TIFF Buffer Overflow Exec
CVE-2021-40162 7.8 - High - October 07, 2022

A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Out-of-bounds Read

Memory Corruption in Autodesk ImageProcessing DLL Enables Code Execution
CVE-2021-40163 7.8 - High - October 07, 2022

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

Memory Corruption

ImageMagick heap overflow via TIFF/PICT/TGA parsing
CVE-2021-40164 7.8 - High - October 07, 2022

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Memory Corruption

Autodesk Image Processing: Buffer Overflow in TIFF Parsing
CVE-2021-40165 7.8 - High - October 07, 2022

A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Memory Corruption

Autodesk Image Processing PNG Free-After-Free Exploit
CVE-2021-40166 7.8 - High - October 07, 2022

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

Dangling pointer

A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files
CVE-2022-25788 7.8 - High - April 19, 2022

A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.

Memory Corruption

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022
CVE-2021-40159 7.8 - High - January 25, 2022

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.

Information Disclosure

A maliciously crafted JT file in Autodesk Inventor 2022
CVE-2021-40158 7.8 - High - January 25, 2022

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Out-of-bounds Read