CVE-2021-40155

7.8 HIGH

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsi...

Published: 2021-09-15 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125

Affected products

Vendor	Product
autodesk	navisworks

Description

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-40155
[Vendor advisory]https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009
[Vendor advisory]https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009

Related CVEs

Same vendor

CVE-2026-7454 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability (7.8 HIGH)
CVE-2026-7453 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-... (5.5 MEDIUM)
CVE-2026-7452 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability (7.8 HIGH)
CVE-2026-7451 — A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability (7.8 HIGH)
CVE-2026-7450 — A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability (5.5 MEDIUM)

Same CWE

CVE-2026-4367 — A flaw was found in libXpm (5.5 MEDIUM)
CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)