Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Revit
(Autodesk)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-07-22 | CVE-2025-5042 | A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | Revit | N/A | ||
| 2025-07-24 | CVE-2025-5039 | A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized. | Infrastructure_parts_editor, Inventor, Navisworks_manage, Navisworks_simulate, Revit, Vault | N/A | ||
| 2024-12-09 | CVE-2024-11268 | A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak. | Revit | 5.5 | ||
| 2024-12-09 | CVE-2024-11454 | A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized. | Revit | 7.8 | ||
| 2024-12-09 | CVE-2024-11608 | A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | Revit | 7.8 | ||
| 2024-10-16 | CVE-2024-7993 | A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | Revit | 7.8 | ||
| 2021-12-23 | CVE-2021-40160 | PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code. | Advance_steel, Autocad, Autocad_architecture, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Civil_3d, Design_review, Navisworks, Revit | 7.8 | ||
| 2021-12-23 | CVE-2021-40161 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | Advance_steel, Autocad, Autocad_architecture, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Civil_3d, Design_review, Navisworks, Revit | 7.8 | ||
| 2022-06-21 | CVE-2022-27871 | Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code. | 3ds_max, Advance_steel, Autocad, Autocad_architecture, Autocad_civil_3d, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Design_review, Navisworks, Revit | 7.8 | ||
| 2022-10-07 | CVE-2021-40162 | A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | Autocad, Autocad_advance_steel, Autocad_architecture, Autocad_civil_3d, Autocad_electrical, Autocad_lt, Autocad_map_3d, Autocad_mechanical, Autocad_mep, Autocad_plant_3d, Design_review, Dwg_trueview, Fusion, Infrastructure_parts_editor, Infraworks, Inventor, Navisworks, Revit, Storm_and_sanitary_analysis | 7.8 |