CVE-2021-40166: 
NixOS vulnerability analysis and mitigation

A maliciously crafted PNG file vulnerability (CVE-2021-40166) was discovered in the Autodesk Image Processing component. The vulnerability was disclosed on October 7, 2022, affecting multiple Autodesk products including AutoCAD, Revit, Inventor, and other related software versions from 2019 to 2022 (NVD).

The vulnerability is classified as a Use-After-Free (CWE-416) issue that occurs when parsing PNG files in the Autodesk Image Processing component. It has a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The attack requires local access and user interaction but needs no privileges to execute (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The vulnerability affects confidentiality, integrity, and availability with high severity ratings for each aspect (Autodesk Advisory).

Autodesk has released patches for affected products. Users should update to the following versions: AutoCAD 2022.1.2, 2021.1.2, 2020.1.5, or 2019.1.4; Revit 2022.1.1, 2021.1.5, 2020.2.6, or 2019.2.4; and similar version updates for other affected products. Updates can be obtained through the Autodesk Desktop App or Accounts Portal (Autodesk Advisory).