AutoDesk Revit
By the Year
In 2026 there have been 0 vulnerabilities in AutoDesk Revit. Last year, in 2025, Revit had 15 security vulnerabilities published. Right now, Revit is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 15 | 7.80 |
| 2024 | 6 | 7.42 |
| 2023 | 4 | 7.80 |
| 2022 | 6 | 7.80 |
| 2021 | 2 | 7.80 |
It may take a day or so for new Revit vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent AutoDesk Revit Security Vulnerabilities
Autodesk Revit RFA Type Confusion via Malicious File
CVE-2025-8354
7.8 - High
- September 23, 2025
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Object Type Confusion
Autodesk PDF Reader Heap Overflow via Malformed PDF
CVE-2025-8894
7.8 - High
- September 16, 2025
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Out-of-Bounds Write in Autodesk PDF Parser via Malicious PDF
CVE-2025-8893
7.8 - High
- September 16, 2025
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk App RCE via Untrusted Search Path
CVE-2025-5039
7.8 - High
- July 24, 2025
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Autodesk Revit OOB Read via Malicious RFA File (CVE-2025-5042)
CVE-2025-5042
7.8 - High
- July 22, 2025
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
Revit Memory Corruption via Malicious RFA/RTE/RVT Files
CVE-2025-5037
7.8 - High
- July 10, 2025
A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Revit RTE Heap Overflow via Malicious RTE File
CVE-2025-5040
7.8 - High
- July 10, 2025
A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit RFA Use-After-Free via Malicious Import
CVE-2025-5036
7.8 - High
- June 02, 2025
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autodesk DWG OOB Write via Malicious DWG
CVE-2025-1276
7.8 - High
- April 15, 2025
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk PDF Heap Overflow CVE-2025-1273
CVE-2025-1273
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Revit OOB Write via Malicious RCS File
CVE-2025-1274
7.8 - High
- April 15, 2025
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Image Import (JPG) Heap Overflow via Malicious File
CVE-2025-1275
7.8 - High
- April 15, 2025
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk PDF Parser Memory Corruption Enables Arbitrary Code Exec
CVE-2025-1277
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Classic Buffer Overflow
CVE-2025-1656: Heap Overflow in Autodesk App via Malicious PDF
CVE-2025-1656
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Autodesk Revit DWG Buffer Overflow (Stack-Based)
CVE-2025-2497
7.8 - High
- April 15, 2025
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Revit DLL Search Order Hijacking Vulnerability
CVE-2024-11454
7.8 - High
- December 09, 2024
A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.
Untrusted Path
Autodesk Revit PDF Parsing Out-of-Bounds Read Vulnerability
CVE-2024-11268
5.5 - Medium
- December 09, 2024
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
Out-of-bounds Read
Autodesk Revit SKP File Heap-based Overflow Vulnerability
CVE-2024-11608
7.8 - High
- December 09, 2024
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Out-of-Bounds Write in Autodesk Revit PDF Parser
CVE-2024-7993
7.8 - High
- October 16, 2024
A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
CVE-2024-7994: Stack Overflow in Autodesk Revit RFA Parser
CVE-2024-7994
7.8 - High
- October 16, 2024
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Revit DWG Stack Overflow Exploit
CVE-2024-37008
7.8 - High
- August 21, 2024
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
SketchUp Use-After-Free via Malicious SKP (CVE-2023-25002)
CVE-2023-25002
7.8 - High
- June 27, 2023
A maliciously crafted SKP file in Autodesk products is used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Dangling pointer
Autodesk pskernel.dll Integer Overflow -> Code Execution
CVE-2023-25004
7.8 - High
- June 27, 2023
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Integer Overflow or Wraparound
Memory Corruption via Malicious File in pskernel.dll (Code Exec)
CVE-2023-29068
7.8 - High
- June 27, 2023
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Memory Corruption
Autodesk AutoCAD/Maya pskernel.dll OOB Read/Write Code Exec
CVE-2023-25003
7.8 - High
- June 23, 2023
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Out-of-bounds Read
Autodesk Image Processing TIFF Buffer Overflow Exec
CVE-2021-40162
7.8 - High
- October 07, 2022
Maliciously crafted TIF, PICT, TGA, or RLC files in the Autodesk Image Processing component may force a read beyond allocated boundaries when the TIFF, PICT, TGA, or RLC files are parsed. This vulnerability may be exploited to execute arbitrary code.
Out-of-bounds Read
Memory Corruption in Autodesk ImageProcessing DLL Enables Code Execution
CVE-2021-40163
7.8 - High
- October 07, 2022
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Memory Corruption
ImageMagick heap overflow via TIFF/PICT/TGA parsing
CVE-2021-40164
7.8 - High
- October 07, 2022
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
Autodesk Image Processing: Buffer Overflow in TIFF Parsing
CVE-2021-40165
7.8 - High
- October 07, 2022
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
Autodesk Image Processing PNG Free-After-Free Exploit
CVE-2021-40166
7.8 - High
- October 07, 2022
A maliciously crafted PNG file in the Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing it. This vulnerability may be exploited by attackers to execute arbitrary code.
Dangling pointer
Autodesk AutoCAD product suite
CVE-2022-27871
7.8 - High
- June 21, 2022
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Allocation of Resources Without Limits or Throttling
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
CVE-2021-40161
7.8 - High
- December 23, 2021
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
Memory Corruption
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file
CVE-2021-40160
7.8 - High
- December 23, 2021
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
Out-of-bounds Read