autodesk

fusion

9 known vulnerabilities · sorted by CVSS score

CVE-2025-10244

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

autodesk / fusion

Network

Published Sep 23, 2025

CVE-2021-40164

HIGH7.8

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

autodesk / autocad+87

Local

Published Oct 7, 2022

CVE-2021-40165

HIGH7.8

A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

autodesk / autocad+87

Local

Published Oct 7, 2022

CVE-2021-40162

HIGH7.8

A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

autodesk / autocad+87

Local

Published Oct 7, 2022

CVE-2021-40163

HIGH7.8

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

autodesk / autocad+87

Local

Published Oct 7, 2022

CVE-2021-40166

HIGH7.8

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

autodesk / autocad+87

Local

Published Oct 7, 2022

CVE-2026-0533

HIGH7.1

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

autodesk / fusion

Local

Published Jan 22, 2026

CVE-2026-0534

HIGH7.1

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

autodesk / fusion

Local

Published Jan 22, 2026

CVE-2026-0535

HIGH7.1

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

autodesk / fusion

Local

Published Jan 22, 2026