Navisworks Autodesk Navisworks

Do you want an email whenever new security vulnerabilities are reported in Autodesk Navisworks?

By the Year

In 2024 there have been 0 vulnerabilities in Autodesk Navisworks . Last year Navisworks had 5 security vulnerabilities published. Right now, Navisworks is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 5 7.80
2022 13 7.80
2021 6 7.80
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Navisworks vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Autodesk Navisworks Security Vulnerabilities

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability

CVE-2023-25001 7.8 - High - June 27, 2023

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Dangling pointer

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability

CVE-2023-25002 7.8 - High - June 27, 2023

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Dangling pointer

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities

CVE-2023-25004 7.8 - High - June 27, 2023

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

Integer Overflow or Wraparound

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities

CVE-2023-29068 7.8 - High - June 27, 2023

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Memory Corruption

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities

CVE-2023-25003 7.8 - High - June 23, 2023

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.

Out-of-bounds Read

A maliciously crafted TIF

CVE-2021-40162 7.8 - High - October 07, 2022

A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Out-of-bounds Read

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

CVE-2021-40163 7.8 - High - October 07, 2022

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

Memory Corruption

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files

CVE-2021-40164 7.8 - High - October 07, 2022

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Memory Corruption

A maliciously crafted TIFF

CVE-2021-40165 7.8 - High - October 07, 2022

A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Memory Corruption

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object

CVE-2021-40166 7.8 - High - October 07, 2022

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

Dangling pointer

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022

CVE-2022-27872 7.8 - High - June 21, 2022

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.

Improper Handling of Exceptional Conditions

Autodesk AutoCAD product suite

CVE-2022-27871 7.8 - High - June 21, 2022

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

Allocation of Resources Without Limits or Throttling

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files

CVE-2022-27527 7.8 - High - April 19, 2022

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.

Memory Corruption

A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability

CVE-2022-27528 7.8 - High - April 11, 2022

A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Dangling pointer

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022

CVE-2022-25790 7.8 - High - April 11, 2022

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.

Memory Corruption

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022

CVE-2022-25791 7.8 - High - April 11, 2022

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.

Memory Corruption

A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022

CVE-2022-25792 7.8 - High - April 11, 2022

A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.

Memory Corruption

A Double Free vulnerability

CVE-2022-25796 7.8 - High - April 11, 2022

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Double-free

PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file

CVE-2021-40160 7.8 - High - December 23, 2021

PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.

Out-of-bounds Read

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

CVE-2021-40161 7.8 - High - December 23, 2021

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

Memory Corruption

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022

CVE-2021-40156 7.8 - High - September 15, 2021

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Memory Corruption

A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022

CVE-2021-27045 7.8 - High - September 15, 2021

A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.

Out-of-bounds Read

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019

CVE-2021-27046 7.8 - High - September 15, 2021

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.

Memory Corruption

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022

CVE-2021-40155 7.8 - High - September 15, 2021

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Autodesk Navisworks or by Autodesk? Click the Watch button to subscribe.

Autodesk
Vendor

subscribe