This page lists publicly disclosed CVE vulnerabilities affecting autodesk 3ds_max (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-7454 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.01% | 2026-05-26 | 2026-05-26 |
| CVE-2026-7453 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. | [email protected] | 5.5 | 0.00% | 2026-05-26 | 2026-06-03 |
| CVE-2026-7452 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.01% | 2026-05-26 | 2026-05-26 |
| CVE-2026-7451 | A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.01% | 2026-05-26 | 2026-05-26 |
| CVE-2026-7450 | A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition. | [email protected] | 5.5 | 0.00% | 2026-05-26 | 2026-06-03 |
| CVE-2026-0536 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.01% | 2026-02-04 | 2026-02-05 |
| CVE-2026-0662 | A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized. | [email protected] | 7.8 | 0.01% | 2026-02-04 | 2026-02-06 |
| CVE-2026-0661 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 8.4 | 0.01% | 2026-02-04 | 2026-06-03 |
| CVE-2026-0660 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 8.4 | 0.01% | 2026-02-04 | 2026-06-03 |
| CVE-2026-0538 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 8.4 | 0.01% | 2026-02-04 | 2026-06-03 |
| CVE-2026-0537 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 8.4 | 0.01% | 2026-02-04 | 2026-06-03 |
| CVE-2025-11797 | A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.01% | 2025-11-12 | 2025-11-17 |
| CVE-2025-11795 | A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.01% | 2025-11-12 | 2025-11-17 |
| CVE-2025-6634 | A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.06% | 2025-08-06 | 2025-11-13 |
| CVE-2025-6633 | A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | [email protected] | 7.8 | 0.06% | 2025-08-06 | 2025-11-13 |
| CVE-2025-6632 | A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | [email protected] | 5.3 | 0.07% | 2025-08-06 | 2025-11-13 |
| CVE-2023-25002 | A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | [email protected] | 7.8 | 0.30% | 2023-06-27 | 2024-11-21 |
| CVE-2022-25793 | A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max. | [email protected] | 7.8 | 0.09% | 2022-08-10 | 2024-11-21 |
| CVE-2022-27871 | Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code. | [email protected] | 7.8 | 0.37% | 2022-06-21 | 2024-11-21 |
| CVE-2022-27532 | A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution. | [email protected] | 7.8 | 0.32% | 2022-06-16 | 2024-11-21 |