Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for Maya by Autodesk

    CVE-2025-4605 (GCVE-0-2025-4605)

    Vulnerability from nvd – Published: 2025-06-11 13:53 – Updated: 2025-08-19 13:14
    VLAI
    Title
    USD File Parsing Memory Allocation Vulnerability
    Summary
    A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk USD for Maya Affected: Maya USD 0.31.0 , < Maya USD 0.32.0 (custom)
        cpe:2.3:a:autodesk:usd_for_maya:maya_usd_0.31.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Autodesk USD for 3ds Max Affected: Max USD 0.10 , < Max USD 0.11 (custom)
        cpe:2.3:a:autodesk:usd_for_3ds_max:max_usd_0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Autodesk Maya Affected: 2025 , < 2025.3.1 (custom)
        cpe:2.3:a:autodesk:maya:2025:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T14:02:40.218311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T14:02:53.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:usd_for_maya:maya_usd_0.31.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "USD for Maya",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "Maya USD 0.32.0",
                  "status": "affected",
                  "version": "Maya USD 0.31.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:autodesk:usd_for_3ds_max:max_usd_0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "USD for 3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "Max USD 0.11",
                  "status": "affected",
                  "version": "Max USD 0.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:autodesk:maya:2025:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Maya",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2025.3.1",
                  "status": "affected",
                  "version": "2025",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.\u003cbr\u003e"
                }
              ],
              "value": "A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-19T13:14:48.074Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Autodesk/maya-usd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Autodesk/3dsmax-usd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "USD File Parsing Memory Allocation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-4605",
        "datePublished": "2025-06-11T13:53:51.204Z",
        "dateReserved": "2025-05-12T18:36:16.531Z",
        "dateUpdated": "2025-08-19T13:14:48.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42947 (GCVE-0-2022-42947)

    Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:45
    VLAI
    Summary
    A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Write
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya Affected: 2023, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:05.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T14:45:09.049518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T14:45:50.307Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2022-42947",
        "datePublished": "2022-12-19T00:00:00.000Z",
        "dateReserved": "2022-10-14T00:00:00.000Z",
        "dateUpdated": "2025-04-17T14:45:50.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42946 (GCVE-0-2022-42946)

    Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:54
    VLAI
    Summary
    Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Read
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya Affected: 2023, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:05.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42946",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T14:52:51.392745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T14:54:48.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2022-42946",
        "datePublished": "2022-12-19T00:00:00.000Z",
        "dateReserved": "2022-10-14T00:00:00.000Z",
        "dateUpdated": "2025-04-17T14:54:48.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4605 (GCVE-0-2025-4605)

    Vulnerability from cvelistv5 – Published: 2025-06-11 13:53 – Updated: 2025-08-19 13:14
    VLAI
    Title
    USD File Parsing Memory Allocation Vulnerability
    Summary
    A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk USD for Maya Affected: Maya USD 0.31.0 , < Maya USD 0.32.0 (custom)
        cpe:2.3:a:autodesk:usd_for_maya:maya_usd_0.31.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Autodesk USD for 3ds Max Affected: Max USD 0.10 , < Max USD 0.11 (custom)
        cpe:2.3:a:autodesk:usd_for_3ds_max:max_usd_0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Autodesk Maya Affected: 2025 , < 2025.3.1 (custom)
        cpe:2.3:a:autodesk:maya:2025:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T14:02:40.218311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T14:02:53.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:usd_for_maya:maya_usd_0.31.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "USD for Maya",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "Maya USD 0.32.0",
                  "status": "affected",
                  "version": "Maya USD 0.31.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:autodesk:usd_for_3ds_max:max_usd_0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "USD for 3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "Max USD 0.11",
                  "status": "affected",
                  "version": "Max USD 0.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:autodesk:maya:2025:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Maya",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2025.3.1",
                  "status": "affected",
                  "version": "2025",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.\u003cbr\u003e"
                }
              ],
              "value": "A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-19T13:14:48.074Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Autodesk/maya-usd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Autodesk/3dsmax-usd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "USD File Parsing Memory Allocation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-4605",
        "datePublished": "2025-06-11T13:53:51.204Z",
        "dateReserved": "2025-05-12T18:36:16.531Z",
        "dateUpdated": "2025-08-19T13:14:48.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42946 (GCVE-0-2022-42946)

    Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:54
    VLAI
    Summary
    Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Read
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya Affected: 2023, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:05.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42946",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T14:52:51.392745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T14:54:48.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2022-42946",
        "datePublished": "2022-12-19T00:00:00.000Z",
        "dateReserved": "2022-10-14T00:00:00.000Z",
        "dateUpdated": "2025-04-17T14:54:48.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42947 (GCVE-0-2022-42947)

    Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:45
    VLAI
    Summary
    A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Write
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya Affected: 2023, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:05.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T14:45:09.049518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T14:45:50.307Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2022-42947",
        "datePublished": "2022-12-19T00:00:00.000Z",
        "dateReserved": "2022-10-14T00:00:00.000Z",
        "dateUpdated": "2025-04-17T14:45:50.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }