CVE-2026-0536

{"id": "CVE-2026-0536", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@autodesk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-02-04T19:16:14.290", "references": [{"url": "https://www.autodesk.com/products/autodesk-access/overview", "tags": ["Product"], "source": "psirt@autodesk.com"}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002", "tags": ["Vendor Advisory"], "source": "psirt@autodesk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@autodesk.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."}, {"lang": "es", "value": "Un archivo GIF creado maliciosamente, al ser analizado por Autodesk 3ds Max, puede causar una vulnerabilidad de desbordamiento de b\u00fafer basado en pila. Un actor malicioso puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."}], "lastModified": "2026-02-05T22:06:39.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:3ds_max:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF0B2FEF-FF28-4FF2-91CF-B417FB77CF04", "versionEndExcluding": "2026.3.2", "versionStartIncluding": "2026"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@autodesk.com"}