Autodesk Revit
By the Year
In 2024 there have been 0 vulnerabilities in Autodesk Revit . Last year Revit had 4 security vulnerabilities published. Right now, Revit is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 4 | 7.80 |
| 2022 | 6 | 7.80 |
| 2021 | 2 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Revit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Autodesk Revit Security Vulnerabilities
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability
CVE-2023-25002
7.8 - High
- June 27, 2023
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Dangling pointer
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities
CVE-2023-29068
7.8 - High
- June 27, 2023
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Memory Corruption
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities
CVE-2023-25004
7.8 - High
- June 27, 2023
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Integer Overflow or Wraparound
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities
CVE-2023-25003
7.8 - High
- June 23, 2023
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Out-of-bounds Read
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object
CVE-2021-40166
7.8 - High
- October 07, 2022
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Dangling pointer
A maliciously crafted TIFF
CVE-2021-40165
7.8 - High
- October 07, 2022
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files
CVE-2021-40164
7.8 - High
- October 07, 2022
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
CVE-2021-40163
7.8 - High
- October 07, 2022
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Memory Corruption
A maliciously crafted TIF
CVE-2021-40162
7.8 - High
- October 07, 2022
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Out-of-bounds Read
Autodesk AutoCAD product suite
CVE-2022-27871
7.8 - High
- June 21, 2022
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Allocation of Resources Without Limits or Throttling
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
CVE-2021-40161
7.8 - High
- December 23, 2021
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
Memory Corruption
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file
CVE-2021-40160
7.8 - High
- December 23, 2021
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Autodesk Design Review or by Autodesk? Click the Watch button to subscribe.
