CVE-2021-40162: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in Autodesk Image Processing component (CVE-2021-40162) that affects multiple Autodesk products including Revit, Inventor, Infraworks, Navisworks, Fusion, and various AutoCAD versions (2022, 2021, 2020, 2019). The vulnerability allows maliciously crafted TIF, PICT, TGA, or RLC files to force the application to read beyond allocated boundaries during file parsing, potentially leading to arbitrary code execution (Autodesk Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability with a CVSS v3 Base Score of 7.8 (High). The attack vector is Local, with low attack complexity, requiring no privileges but needs user interaction. The scope is unchanged, with high impact on confidentiality, integrity, and availability (AttackerKB).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary code in the context of the current process. The vulnerability affects the confidentiality, integrity, and availability of the system with high severity ratings for all three aspects (NVD).

Autodesk has released patches for affected products. Users are recommended to apply the available hotfixes via the Autodesk Desktop App or Accounts Portal. Specific version updates include: AutoCAD 2022.1.2, 2021.1.2, 2020.1.5, 2019.1.4; Revit 2022.1.1, 2021.1.5, 2020.2.6, 2019.2.4; and similar updates for other affected products. Users of 32-bit AutoCAD 2019 should upgrade to 64-bit AutoCAD 2019 or a newer version (Autodesk Advisory).