CVE-2016-9305

critical

Published 2017-01-25 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01

Application impact

Vendor	Product	Versions	Fixed
autodesk	fbx_software_development_kit	`{"endIncluding":"2017.0"}`

References

http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01
http://www.securityfocus.com/bid/95803
http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01
http://www.securityfocus.com/bid/95803

CWEs

CWE-19

Verify integrity in audit chain (admin only). AS-IS.