CVE-2023-27910: 
vulnerability analysis and mitigation

A stack buffer overflow vulnerability exists in Autodesk® FBX® SDK 2020 and prior versions, where a user could be tricked into opening a malicious FBX file that could lead to code execution (Autodesk Advisory). The vulnerability was disclosed on March 29, 2023, and has been assigned a CVSS v3.1 base score of 7.8 HIGH (NVD).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) that could allow an attacker to execute arbitrary code through specially crafted FBX files. The vulnerability affects local systems and requires user interaction to exploit, as indicated by the CVSS vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could lead to code execution with the privileges of the affected application, potentially compromising the confidentiality, integrity, and availability of the system. The high CVSS score of 7.8 indicates significant potential impact on affected systems (NVD).

Autodesk has released version 2020.3.4 of the FBX SDK to address this vulnerability. Users and third-party developers who use FBX SDK in their applications or services are strongly recommended to upgrade to the latest version via Autodesk Access. For systems using previous versions that no longer qualify for full support, users should plan to upgrade to a supported version as soon as possible (Autodesk Advisory).