CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25010 – Autodesk Maya USD File Parsing Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-25010
12 Apr 2023 — A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files. The issue results from the lack of proper initializat... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27906 – Autodesk Maya USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-27906
12 Apr 2023 — A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files. The issue results from the lack of proper validatio... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27907 – Autodesk Maya USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-27907
12 Apr 2023 — A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files. The issue results from the lack of proper validati... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003 • CWE-787: Out-of-bounds Write •