3ds Max
Monthly
Autodesk 3ds Max is vulnerable to arbitrary code execution when processing maliciously crafted GIF files due to a stack-based buffer overflow (CVE-2026-0536, CVSS 7.8). Local attackers can exploit this vulnerability by tricking users into opening a malicious GIF file to execute code with the privileges of the 3ds Max process. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max occurs when users open max files from maliciously crafted project directories that exploit an untrusted search path vulnerability. Local attackers can leverage this to execute arbitrary code with the privileges of the current user without requiring special permissions or interaction beyond opening a file. No patch is currently available for this high-severity vulnerability affecting 3ds Max users.
Arbitrary code execution in Autodesk 3ds Max can be achieved by processing a specially crafted RGB file, affecting users who open untrusted files. This memory corruption vulnerability requires user interaction but grants attackers full system privileges within the application context. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max via malicious GIF file parsing exploits a stack-based buffer overflow vulnerability, allowing local attackers to execute code with the privileges of the application. The vulnerability requires user interaction to open a crafted GIF file and currently has no available patch. This affects 3ds Max users who may unknowingly process untrusted image files.
Arbitrary code execution in Autodesk 3ds Max occurs when processing specially crafted GIF files due to an out-of-bounds write flaw. Attackers can exploit this vulnerability locally to execute malicious code with the privileges of the application user. No patch is currently available for affected systems.
Arbitrary code execution in Autodesk 3ds Max results from improper handling of maliciously crafted RGB files, allowing an attacker to corrupt memory and execute code with the privileges of the application user. The vulnerability requires local file interaction but poses high risk due to widespread use of 3ds Max in design and animation workflows. No patch is currently available, leaving affected users vulnerable to exploitation through social engineering or supply chain attacks involving malicious RGB assets.
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Autodesk 3ds Max is vulnerable to arbitrary code execution when processing maliciously crafted GIF files due to a stack-based buffer overflow (CVE-2026-0536, CVSS 7.8). Local attackers can exploit this vulnerability by tricking users into opening a malicious GIF file to execute code with the privileges of the 3ds Max process. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max occurs when users open max files from maliciously crafted project directories that exploit an untrusted search path vulnerability. Local attackers can leverage this to execute arbitrary code with the privileges of the current user without requiring special permissions or interaction beyond opening a file. No patch is currently available for this high-severity vulnerability affecting 3ds Max users.
Arbitrary code execution in Autodesk 3ds Max can be achieved by processing a specially crafted RGB file, affecting users who open untrusted files. This memory corruption vulnerability requires user interaction but grants attackers full system privileges within the application context. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max via malicious GIF file parsing exploits a stack-based buffer overflow vulnerability, allowing local attackers to execute code with the privileges of the application. The vulnerability requires user interaction to open a crafted GIF file and currently has no available patch. This affects 3ds Max users who may unknowingly process untrusted image files.
Arbitrary code execution in Autodesk 3ds Max occurs when processing specially crafted GIF files due to an out-of-bounds write flaw. Attackers can exploit this vulnerability locally to execute malicious code with the privileges of the application user. No patch is currently available for affected systems.
Arbitrary code execution in Autodesk 3ds Max results from improper handling of maliciously crafted RGB files, allowing an attacker to corrupt memory and execute code with the privileges of the application user. The vulnerability requires local file interaction but poses high risk due to widespread use of 3ds Max in design and animation workflows. No patch is currently available, leaving affected users vulnerable to exploitation through social engineering or supply chain attacks involving malicious RGB assets.
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.