A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
The product uses or accesses a resource that has not been initialized.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Autocad | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_advance_steel | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_architecture | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_civil_3d | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_electrical | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_lt | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_mechanical | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_mep | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Autocad_plant_3d | Autodesk | 2025 (including) | 2025.1.1 (excluding) |
| Dwg_trueview | Autodesk | 2025 (including) | 2025.1.1 (excluding) |