A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Weakness
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Advance_steel | Autodesk | 2026 (including) | 2026 (including) |
| Autocad | Autodesk | 2026 (including) | 2026 (including) |
| Autocad_architecture | Autodesk | 2026 (including) | 2026 (including) |
| Autocad_electrical | Autodesk | 2026 (including) | 2026 (including) |
| Autocad_lt | Autodesk | 2026 (including) | 2026 (including) |
| Autocad_map_3d | Autodesk | 2026 (including) | 2026 (including) |
| Autocad_mechanical | Autodesk | 2026 (including) | 2026 (including) |
| Autocad_mep | Autodesk | 2026 (including) | 2026 (including) |
| Autocad_plant_3d | Autodesk | 2026 (including) | 2026 (including) |
| Civil_3d | Autodesk | 2026 (including) | 2026 (including) |