Autodesk Image Processing component incorrectly validates the length of a file that contains an image. If a maliciously crafted image file is input, it may lead to an information disclosure. This vulnerability may be exploited to access files and directories outside the intended scope. Furthermore, this vulnerability may lead to code execution.

Credit to ngsec. CVE-2021-40165

New features

To address this vulnerability, Autodesk released two new features for the product: a validation layer for the Image Processing component and a new platform that does not require any external DLLs. This is an especially important development because it is the first time these two features have been rolled out together.

Vulnerability Scenario

An attacker may be able to exploit this vulnerability to access files and directories outside the intended scope. Furthermore, this vulnerability may lead to code execution.

Timeline

Published on: 10/07/2022 18:15:00 UTC
Last modified on: 10/11/2022 17:10:00 UTC

References