• Advisory Details Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-26-106ZDI-CAN-28417 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. • User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. • The specific flaw exists within the parsing of CATPART files. • The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. • An attacker can leverage this vulnerability to execute code in the context of the current process. • 2025-11-06 - Vulnerability reported to vendor 2026-02-18 - Coordinated public release of advisory 2026-02-18 - Advisory Updated General Inquiries Find us on X Find us on Mastodon Media Inquiries Sensitive Email Communications Our Mission TrendAI TippingPoint IPS Process Researcher Rewards FAQS Privacy Published Advisories Upcoming Advisories RSS Feeds
Advisory Details Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-26-107ZDI-CAN-28581 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD.
Article Summaries:
- CVE ID | CVE-2026-0874 | CVSS SCORE | 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | AFFECTED VENDORS | Autodesk | AFFECTED PRODUCTS | AutoCAD | VULNERABILITY DETAILS | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CATPART files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an al
- CVE ID | CVE-2026-0875 | CVSS SCORE | 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | AFFECTED VENDORS | Autodesk | AFFECTED PRODUCTS | AutoCAD | VULNERABILITY DETAILS | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MODEL files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allo
- CVE ID | CVE-2026-2048 | CVSS SCORE | 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | AFFECTED VENDORS | GIMP | AFFECTED PRODUCTS | GIMP | VULNERABILITY DETAILS | This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An atta
- CVE ID | CVE-2026-2044 | CVSS SCORE | 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | AFFECTED VENDORS | GIMP | AFFECTED PRODUCTS | GIMP | VULNERABILITY DETAILS | This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute cod
- CVE ID | CVE-2026-2045 | CVSS SCORE | 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | AFFECTED VENDORS | GIMP | AFFECTED PRODUCTS | GIMP | VULNERABILITY DETAILS | This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An atta
Sources:
- http://www.zerodayinitiative.com/advisories/ZDI-26-106/
- http://www.zerodayinitiative.com/advisories/ZDI-26-107/
- http://www.zerodayinitiative.com/advisories/ZDI-26-121/
- http://www.zerodayinitiative.com/advisories/ZDI-26-118/
- http://www.zerodayinitiative.com/advisories/ZDI-26-119/
- http://www.zerodayinitiative.com/advisories/ZDI-26-120/
- http://www.zerodayinitiative.com/advisories/ZDI-26-113/
- http://www.zerodayinitiative.com/advisories/ZDI-26-112/
- http://www.zerodayinitiative.com/advisories/ZDI-26-114/
- http://www.zerodayinitiative.com/advisories/ZDI-26-110/
- http://www.zerodayinitiative.com/advisories/ZDI-26-109/
- http://www.zerodayinitiative.com/advisories/ZDI-26-108/ (Latest source article published: 2026-02-19 06:00 UTC)