#VU59946 Out-of-bounds read in Autodesk Inventor - CVE-2021-40158

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing the JT file. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Remediation

External links

• https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002
• https://www.zerodayinitiative.com/advisories/ZDI-22-288/
• https://www.zerodayinitiative.com/advisories/ZDI-22-287/
• https://www.zerodayinitiative.com/advisories/ZDI-22-286/
• https://www.zerodayinitiative.com/advisories/ZDI-22-285/
• https://www.zerodayinitiative.com/advisories/ZDI-22-284/
• https://www.zerodayinitiative.com/advisories/ZDI-22-283/
• https://www.zerodayinitiative.com/advisories/ZDI-22-281/
• https://www.zerodayinitiative.com/advisories/ZDI-22-455/
• https://www.zerodayinitiative.com/advisories/ZDI-22-454/
• https://www.zerodayinitiative.com/advisories/ZDI-22-453/
• https://www.zerodayinitiative.com/advisories/ZDI-22-452/
• https://www.zerodayinitiative.com/advisories/ZDI-22-451/
• https://www.zerodayinitiative.com/advisories/ZDI-22-450/
• https://www.zerodayinitiative.com/advisories/ZDI-22-449/
• https://www.zerodayinitiative.com/advisories/ZDI-22-448/
• https://www.zerodayinitiative.com/advisories/ZDI-22-447/
• https://www.zerodayinitiative.com/advisories/ZDI-22-445/
• https://www.zerodayinitiative.com/advisories/ZDI-22-444/
• https://www.zerodayinitiative.com/advisories/ZDI-22-443/
• https://www.zerodayinitiative.com/advisories/ZDI-22-466/
• https://www.zerodayinitiative.com/advisories/ZDI-22-441/