CVE-2021-40156

7.8 HIGH

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when pars...

Published: 2021-09-15 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787

Affected products

Vendor	Product
autodesk	navisworks

Description

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-40156
[Vendor advisory]https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009
[Vendor advisory]https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009

Related CVEs

Same vendor

CVE-2026-7454 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability (7.8 HIGH)
CVE-2026-7453 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-... (5.5 MEDIUM)
CVE-2026-7452 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability (7.8 HIGH)
CVE-2026-7451 — A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability (7.8 HIGH)
CVE-2026-7450 — A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability (5.5 MEDIUM)

Same CWE

CVE-2026-47750 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-12314 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)
CVE-2026-12310 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)