The vulnerability is present in the parsing of PNG images in the Autodesk Image Processing component. A maliciously crafted PNG image may be used to attempt to free an object that has already been freed while parsing it. Exploitation of this vulnerability may allow attackers to execute arbitrary code on the affected software.

CVE-2018-9661: Denys Redkirov of Critical Software Ltd. - Critical Software Ltd has demonstrated an attack vector to exploit this vulnerability. Redkirov has reported that a maliciously crafted PNG file may be used to attempt to free an object that has already been freed while parsing it. Redkirov has also reported that a maliciously crafted PNG file may be used to execute arbitrary code on the affected software.

Vulnerability Details

CVE-2018-9661: Denys Redkirov of Critical Software Ltd. - Critical Software Ltd has demonstrated an attack vector to exploit this vulnerability. Redkirov has reported that a maliciously crafted PNG file may be used to free an object that has already been freed while parsing it. Exploitation of this vulnerability may allow attackers to execute arbitrary code on the affected software.
CVE-2021-40166: Adrien Guinet of Security Explorations - CVE-2021-40166 is a stack buffer overflow in the Autodesk Image Processing component that occurs when parsing PNG images. A maliciously crafted PNG image may be used to attempt to free an object that has already been freed while parsing it.

Vulnerable versions

- Autodesk Image Processing 7.0, 6.0, 5.3, and 5.1 -- all versions of these products are vulnerable

Timeline

Published on: 10/07/2022 18:15:00 UTC
Last modified on: 10/11/2022 17:11:00 UTC
