• Remote code execution via out-of-bounds write in AutoCAD MODEL file parsing.
• Requires user to open malicious file or visit malicious page.
• Exploit writes past allocated buffer, running code in current process context.
• Vendor notified 2025-12-16; advisory released 2026-02-18.
• Affects all AutoCAD versions lacking patch; patch available from Autodesk.
• Similar flaws found in CATPART and GIMP XWD parsing.
• Immediate patching recommended; enable automatic updates.

Article Summaries:

  • CVE ID: CVE-2026-0875
    CVSS score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Affected vendors: Autodesk
    Affected products: AutoCAD
    Vulnerability details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MODEL files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allo
  • CVE ID: CVE-2026-0874
    CVSS score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Affected vendors: Autodesk
    Affected products: AutoCAD
    Vulnerability details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CATPART files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an al
  • CVE ID: CVE-2026-2048
    CVSS score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Affected vendors: GIMP
    Affected products: GIMP
    Vulnerability details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An atta
  • CVE ID: CVE-2026-2047
    CVSS score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Affected vendors: GIMP
    Affected products: GIMP
    Vulnerability details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker ca
  • CVE ID: CVE-2026-2045
    CVSS score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Affected vendors: GIMP
    Affected products: GIMP
    Vulnerability details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An atta

Sources: