Vulnerabilites related to Autodesk - AutoCAD Architecture
cve-2024-8896
Vulnerability from cvelistv5
Published
2024-10-29 21:43
Modified
2025-02-03 18:08
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Infrastructure Parts Editor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Inventor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Manage Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Simulate Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Revit Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Vault Basic Client Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:33.412413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:25.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:infrastructure_parts_editor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:inventor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:vault_basic_client:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DXF file when parsed in acdb25.dll\u0026nbsp;through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DXF file when parsed in acdb25.dll\u00a0through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "CWE-908 Use of Uninitialized Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T18:08:56.904Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8896",
    "datePublished": "2024-10-29T21:43:11.437Z",
    "dateReserved": "2024-09-16T14:34:49.668Z",
    "dateUpdated": "2025-02-03T18:08:56.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23131
Vulnerability from cvelistv5
Published
2024-02-22 04:05
Modified
2025-01-28 16:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:25:14.111Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.784Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:44:58.568Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23131",
    "datePublished": "2024-02-22T04:05:15.064Z",
    "dateReserved": "2024-01-11T21:47:40.856Z",
    "dateUpdated": "2025-01-28T16:44:58.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23151
Vulnerability from cvelistv5
Published
2024-06-25 03:24
Modified
2025-02-10 20:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T19:49:38.703918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T14:26:05.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:56:29.024Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23151",
    "datePublished": "2024-06-25T03:24:54.043Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-02-10T20:56:29.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23159
Vulnerability from cvelistv5
Published
2024-06-25 03:33
Modified
2025-01-28 17:22
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23159",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T20:33:57.567211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T20:34:05.942Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457: Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:22:00.922Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23159",
    "datePublished": "2024-06-25T03:33:00.849Z",
    "dateReserved": "2024-01-11T21:51:41.602Z",
    "dateUpdated": "2025-01-28T17:22:00.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23135
Vulnerability from cvelistv5
Published
2024-02-22 04:34
Modified
2025-01-27 18:00
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:23:06.907Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T18:00:30.254Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23135",
    "datePublished": "2024-02-22T04:34:27.533Z",
    "dateReserved": "2024-01-11T21:47:40.857Z",
    "dateUpdated": "2025-01-27T18:00:30.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23127
Vulnerability from cvelistv5
Published
2024-02-22 02:59
Modified
2025-01-28 16:41
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:27:13.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:41:31.146Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23127",
    "datePublished": "2024-02-22T02:59:48.198Z",
    "dateReserved": "2024-01-11T21:46:45.746Z",
    "dateUpdated": "2025-01-28T16:41:31.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23134
Vulnerability from cvelistv5
Published
2024-02-22 04:27
Modified
2025-01-28 16:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4**
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:44:12.044Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "lessThan": "2021.1.4**",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4**",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:59:21.137Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23134",
    "datePublished": "2024-02-22T04:27:15.155Z",
    "dateReserved": "2024-01-11T21:47:40.856Z",
    "dateUpdated": "2025-01-28T16:59:21.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0446
Vulnerability from cvelistv5
Published
2024-02-21 23:16
Modified
2025-02-10 21:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-0446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T18:06:35.579754Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:46:59.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:04:49.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:11:14.382Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-0446",
    "datePublished": "2024-02-21T23:16:32.477Z",
    "dateReserved": "2024-01-11T21:51:23.386Z",
    "dateUpdated": "2025-02-10T21:11:14.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8592
Vulnerability from cvelistv5
Published
2024-10-29 21:39
Modified
2025-02-03 17:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0020
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2024   < 2024.1.6
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk Advance Steel Version: 2024   < 2024.1.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8592",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:34.701094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:34.310Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:05:26.245Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0020"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD CATPART File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8592",
    "datePublished": "2024-10-29T21:39:37.707Z",
    "dateReserved": "2024-09-09T04:38:44.793Z",
    "dateUpdated": "2025-02-03T17:05:26.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23147
Vulnerability from cvelistv5
Published
2024-06-25 02:32
Modified
2025-01-28 16:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23147",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:29:29.658321Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:29:34.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:36:26.055Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23147",
    "datePublished": "2024-06-25T02:32:13.779Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-01-28T16:36:26.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8596
Vulnerability from cvelistv5
Published
2024-10-29 21:11
Modified
2025-02-10 20:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:44.864873Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:35.307Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:45:39.167Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8596",
    "datePublished": "2024-10-29T21:11:36.053Z",
    "dateReserved": "2024-09-09T04:55:18.208Z",
    "dateUpdated": "2025-02-10T20:45:39.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9997
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2025-02-03 18:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Infrastructure Parts Editor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Inventor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Manage Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Simulate Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Revit Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Vault Basic Client Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:29.745174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:57.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:infrastructure_parts_editor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:inventor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:vault_basic_client:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T18:07:41.813Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9997",
    "datePublished": "2024-10-29T21:45:59.005Z",
    "dateReserved": "2024-10-15T13:39:39.800Z",
    "dateUpdated": "2025-02-03T18:07:41.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23148
Vulnerability from cvelistv5
Published
2024-06-25 02:42
Modified
2025-01-27 21:42
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:28:48.562977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:28:53.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T21:42:43.484Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23148",
    "datePublished": "2024-06-25T02:42:11.300Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-01-27T21:42:43.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37001
Vulnerability from cvelistv5
Published
2024-06-25 03:03
Modified
2025-01-28 17:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:27:08.824776Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:27:16.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:14:26.439Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37001",
    "datePublished": "2024-06-25T03:03:33.153Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T17:14:26.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23129
Vulnerability from cvelistv5
Published
2024-02-22 03:24
Modified
2025-01-28 16:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:26:21.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:43:20.955Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23129",
    "datePublished": "2024-02-22T03:24:17.047Z",
    "dateReserved": "2024-01-11T21:46:45.746Z",
    "dateUpdated": "2025-01-28T16:43:20.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37006
Vulnerability from cvelistv5
Published
2024-06-25 03:15
Modified
2025-01-28 16:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:16:33.319239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T21:04:07.767Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:15:50.637Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37006",
    "datePublished": "2024-06-25T03:15:46.957Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T16:15:50.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8591
Vulnerability from cvelistv5
Published
2024-10-29 21:08
Modified
2025-02-03 17:19
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:49.844455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:18.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:19:16.297Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8591",
    "datePublished": "2024-10-29T21:08:22.860Z",
    "dateReserved": "2024-09-09T04:34:57.640Z",
    "dateUpdated": "2025-02-03T17:19:16.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23141
Vulnerability from cvelistv5
Published
2024-06-25 01:22
Modified
2025-01-28 17:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:49:27.556946Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:49:33.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.764Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415 Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:07:41.834Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23141",
    "datePublished": "2024-06-25T01:22:38.407Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-01-28T17:07:41.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8589
Vulnerability from cvelistv5
Published
2024-10-29 21:07
Modified
2025-02-03 17:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:52.742459Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:37.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:18:15.698Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8589",
    "datePublished": "2024-10-29T21:07:02.412Z",
    "dateReserved": "2024-09-09T04:19:18.839Z",
    "dateUpdated": "2025-02-03T17:18:15.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23150
Vulnerability from cvelistv5
Published
2024-06-25 03:17
Modified
2025-02-10 20:55
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T20:31:33.417050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T20:32:16.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:55:21.598Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23150",
    "datePublished": "2024-06-25T03:17:21.321Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-02-10T20:55:21.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8595
Vulnerability from cvelistv5
Published
2024-10-29 21:10
Modified
2025-02-03 17:20
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8595",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:46.090065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:46.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:20:26.911Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD MODEL File Parsing Use-After-Free Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8595",
    "datePublished": "2024-10-29T21:10:46.829Z",
    "dateReserved": "2024-09-09T04:51:46.055Z",
    "dateUpdated": "2025-02-03T17:20:26.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23126
Vulnerability from cvelistv5
Published
2024-02-22 02:25
Modified
2025-01-30 18:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23126",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:49:30.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-30T18:36:29.533Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23126",
    "datePublished": "2024-02-22T02:25:01.889Z",
    "dateReserved": "2024-01-11T21:46:45.746Z",
    "dateUpdated": "2025-01-30T18:36:29.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23128
Vulnerability from cvelistv5
Published
2024-02-22 03:18
Modified
2025-01-28 16:20
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:27:14.348745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:26:50.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:20:38.429Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23128",
    "datePublished": "2024-02-22T03:18:00.232Z",
    "dateReserved": "2024-01-11T21:46:45.746Z",
    "dateUpdated": "2025-01-28T16:20:38.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36999
Vulnerability from cvelistv5
Published
2024-06-25 03:33
Modified
2025-02-10 20:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024.1.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T19:11:39.790482Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T19:18:29.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:53:40.826Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-36999",
    "datePublished": "2024-06-25T03:33:58.183Z",
    "dateReserved": "2024-05-30T20:11:46.548Z",
    "dateUpdated": "2025-02-10T20:53:40.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23125
Vulnerability from cvelistv5
Published
2024-02-22 02:23
Modified
2025-01-30 18:35
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:49:02.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-30T18:35:55.550Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23125",
    "datePublished": "2024-02-22T02:23:09.032Z",
    "dateReserved": "2024-01-11T21:46:45.746Z",
    "dateUpdated": "2025-01-30T18:35:55.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9826
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2025-02-03 17:22
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:37.301745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:50.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:22:37.826Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9826",
    "datePublished": "2024-10-29T21:14:31.382Z",
    "dateReserved": "2024-10-10T18:38:23.523Z",
    "dateUpdated": "2025-02-03T17:22:37.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23156
Vulnerability from cvelistv5
Published
2024-06-25 03:30
Modified
2025-01-28 17:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T19:14:44.418256Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T19:17:50.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:44:43.777Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23156",
    "datePublished": "2024-06-25T03:30:03.304Z",
    "dateReserved": "2024-01-11T21:51:41.601Z",
    "dateUpdated": "2025-01-28T17:44:43.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23136
Vulnerability from cvelistv5
Published
2024-02-22 04:48
Modified
2025-02-03 15:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:23:25.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129 Pointer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "CWE-822: Untrusted Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T15:44:07.671Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23136",
    "datePublished": "2024-02-22T04:48:25.677Z",
    "dateReserved": "2024-01-11T21:47:40.857Z",
    "dateUpdated": "2025-02-03T15:44:07.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37004
Vulnerability from cvelistv5
Published
2024-06-25 03:13
Modified
2025-01-28 17:12
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:24:45.484817Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:24:49.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.581Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:12:07.987Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37004",
    "datePublished": "2024-06-25T03:13:05.174Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T17:12:07.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9827
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2025-02-03 17:24
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:36.054365Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:41.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:24:29.104Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9827",
    "datePublished": "2024-10-29T21:14:55.716Z",
    "dateReserved": "2024-10-10T19:01:38.304Z",
    "dateUpdated": "2025-02-03T17:24:29.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23137
Vulnerability from cvelistv5
Published
2024-02-22 04:49
Modified
2025-01-28 17:00
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T14:01:49.435037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:24:17.429Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457: Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:00:16.112Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23137",
    "datePublished": "2024-02-22T04:49:50.154Z",
    "dateReserved": "2024-01-11T21:47:40.857Z",
    "dateUpdated": "2025-01-28T17:00:16.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8587
Vulnerability from cvelistv5
Published
2024-10-29 21:03
Modified
2025-02-03 17:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:55.963535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:53.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:17:15.453Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8587",
    "datePublished": "2024-10-29T21:03:58.156Z",
    "dateReserved": "2024-09-09T03:01:59.536Z",
    "dateUpdated": "2025-02-03T17:17:15.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37005
Vulnerability from cvelistv5
Published
2024-06-25 03:13
Modified
2025-01-28 17:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:24:16.255743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:24:21.346Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:11:33.127Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37005",
    "datePublished": "2024-06-25T03:13:51.990Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T17:11:33.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8594
Vulnerability from cvelistv5
Published
2024-10-29 21:09
Modified
2025-02-03 17:20
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:47.322086Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:55.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:20:04.774Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8594",
    "datePublished": "2024-10-29T21:09:53.149Z",
    "dateReserved": "2024-09-09T04:47:17.676Z",
    "dateUpdated": "2025-02-03T17:20:04.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23144
Vulnerability from cvelistv5
Published
2024-06-25 02:10
Modified
2025-02-10 21:00
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23144",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:31:17.885600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:31:22.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:00:57.694Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23144",
    "datePublished": "2024-06-25T02:10:02.389Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-02-10T21:00:57.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23157
Vulnerability from cvelistv5
Published
2024-06-25 03:30
Modified
2025-01-28 17:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23157",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T20:33:31.339206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T20:33:37.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:43:23.440Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23157",
    "datePublished": "2024-06-25T03:30:58.799Z",
    "dateReserved": "2024-01-11T21:51:41.601Z",
    "dateUpdated": "2025-01-28T17:43:23.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37003
Vulnerability from cvelistv5
Published
2024-06-25 03:12
Modified
2025-01-28 17:12
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:25:12.539478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:25:18.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:12:49.483Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37003",
    "datePublished": "2024-06-25T03:12:13.660Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T17:12:49.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8588
Vulnerability from cvelistv5
Published
2024-10-29 21:06
Modified
2025-02-03 17:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:54.487477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:46.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:17:46.050Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8588",
    "datePublished": "2024-10-29T21:06:17.695Z",
    "dateReserved": "2024-09-09T04:11:56.456Z",
    "dateUpdated": "2025-02-03T17:17:46.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23138
Vulnerability from cvelistv5
Published
2024-03-17 23:56
Modified
2025-01-28 18:31
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mac Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.4.1
 Create a notification for this product.
   Autodesk AutoCAD LT for Mac Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.4.1
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T04:00:27.602332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:43:04.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:aautocad_lt:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mac:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mac:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mac:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mac",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.4.1",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt_for_mac:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt_for_mac:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt_for_mac:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT for Mac",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.4.1",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:dwg_trueview:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T18:31:08.067Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23138",
    "datePublished": "2024-03-17T23:56:39.590Z",
    "dateReserved": "2024-01-11T21:47:40.857Z",
    "dateUpdated": "2025-01-28T18:31:08.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23149
Vulnerability from cvelistv5
Published
2024-06-25 02:43
Modified
2025-01-28 17:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23149",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:18:08.558926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T16:36:03.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:17:05.420Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23149",
    "datePublished": "2024-06-25T02:43:08.569Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-01-28T17:17:05.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23124
Vulnerability from cvelistv5
Published
2024-02-22 02:14
Modified
2025-02-10 21:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23124",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:48:26.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:10:20.225Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23124",
    "datePublished": "2024-02-22T02:14:25.627Z",
    "dateReserved": "2024-01-11T21:46:45.746Z",
    "dateUpdated": "2025-02-10T21:10:20.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8590
Vulnerability from cvelistv5
Published
2024-10-29 21:07
Modified
2025-02-03 17:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:51.045399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:28.300Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:18:48.371Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD 3DM File Parsing Use-After-Free Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8590",
    "datePublished": "2024-10-29T21:07:47.121Z",
    "dateReserved": "2024-09-09T04:30:14.958Z",
    "dateUpdated": "2025-02-03T17:18:48.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23121
Vulnerability from cvelistv5
Published
2024-02-22 01:18
Modified
2025-02-10 21:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:39:38.054542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:44:37.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:06:41.131Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23121",
    "datePublished": "2024-02-22T01:18:23.487Z",
    "dateReserved": "2024-01-11T21:46:45.745Z",
    "dateUpdated": "2025-02-10T21:06:41.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37000
Vulnerability from cvelistv5
Published
2024-06-25 03:01
Modified
2025-01-28 17:16
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37000",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:23:33.352025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:23:40.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:16:03.323Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37000",
    "datePublished": "2024-06-25T03:01:53.604Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T17:16:03.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23155
Vulnerability from cvelistv5
Published
2024-06-25 03:28
Modified
2025-01-28 17:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T15:16:32.010596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T15:18:20.717Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:45:12.363Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23155",
    "datePublished": "2024-06-25T03:28:44.767Z",
    "dateReserved": "2024-01-11T21:51:41.601Z",
    "dateUpdated": "2025-01-28T17:45:12.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23158
Vulnerability from cvelistv5
Published
2024-06-25 03:31
Modified
2025-01-28 17:42
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T14:31:23.903824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T14:31:27.866Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:42:36.507Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23158",
    "datePublished": "2024-06-25T03:31:47.315Z",
    "dateReserved": "2024-01-11T21:51:41.602Z",
    "dateUpdated": "2025-01-28T17:42:36.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23133
Vulnerability from cvelistv5
Published
2024-02-22 04:11
Modified
2025-01-27 18:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:27:51.295Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T18:01:20.631Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23133",
    "datePublished": "2024-02-22T04:11:47.319Z",
    "dateReserved": "2024-01-11T21:47:40.856Z",
    "dateUpdated": "2025-01-27T18:01:20.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23123
Vulnerability from cvelistv5
Published
2024-02-22 01:38
Modified
2025-02-10 21:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:47:52.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:04:15.767Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23123",
    "datePublished": "2024-02-22T01:38:25.066Z",
    "dateReserved": "2024-01-11T21:46:45.746Z",
    "dateUpdated": "2025-02-10T21:04:15.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23120
Vulnerability from cvelistv5
Published
2024-02-21 23:36
Modified
2025-02-10 21:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23120",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T16:45:26.511301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:45:51.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:07:50.709Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23120",
    "datePublished": "2024-02-21T23:36:13.617Z",
    "dateReserved": "2024-01-11T21:46:45.745Z",
    "dateUpdated": "2025-02-10T21:07:50.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7991
Vulnerability from cvelistv5
Published
2024-10-29 21:49
Modified
2025-02-10 20:42
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Infrastructure Parts Editor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Inventor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Manage Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Simulate Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Revit Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Vault Basic Client Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:28.629296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:49.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:infrastructure_parts_editor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:inventor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:vault_basic_client:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:42:38.601Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7991",
    "datePublished": "2024-10-29T21:49:02.128Z",
    "dateReserved": "2024-08-19T21:37:04.701Z",
    "dateUpdated": "2025-02-10T20:42:38.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9996
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2025-02-10 20:41
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Infrastructure Parts Editor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Inventor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Manage Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Simulate Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Revit Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Vault Basic Client Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:30.961199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:08.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:infrastructure_parts_editor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:inventor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:vault_basic_client:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:41:08.698Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9996",
    "datePublished": "2024-10-29T21:45:17.527Z",
    "dateReserved": "2024-10-15T13:39:36.931Z",
    "dateUpdated": "2025-02-10T20:41:08.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37007
Vulnerability from cvelistv5
Published
2024-06-25 03:35
Modified
2025-01-28 17:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:-:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.1.5",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T18:59:23.695414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T19:12:43.909Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:49:14.941Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37007",
    "datePublished": "2024-06-25T03:35:23.524Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T17:49:14.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23154
Vulnerability from cvelistv5
Published
2024-06-25 03:27
Modified
2025-01-28 17:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2013:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThanOrEqual": "2024",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23154",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T14:39:05.594512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T15:05:55.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:45:43.752Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23154",
    "datePublished": "2024-06-25T03:27:56.293Z",
    "dateReserved": "2024-01-11T21:51:21.128Z",
    "dateUpdated": "2025-01-28T17:45:43.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23122
Vulnerability from cvelistv5
Published
2024-02-22 01:36
Modified
2025-02-10 21:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:39:23.052424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:50:31.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.749Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:05:24.234Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23122",
    "datePublished": "2024-02-22T01:36:34.080Z",
    "dateReserved": "2024-01-11T21:46:45.745Z",
    "dateUpdated": "2025-02-10T21:05:24.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8598
Vulnerability from cvelistv5
Published
2024-10-29 21:12
Modified
2025-02-03 17:21
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8598",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:41.264504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:15.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
            }
          ],
          "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:21:45.707Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8598",
    "datePublished": "2024-10-29T21:12:53.738Z",
    "dateReserved": "2024-09-09T05:03:22.098Z",
    "dateUpdated": "2025-02-03T17:21:45.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8597
Vulnerability from cvelistv5
Published
2024-10-29 21:12
Modified
2025-02-03 17:21
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:43.008403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:24.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:21:20.517Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD STEP File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8597",
    "datePublished": "2024-10-29T21:12:24.663Z",
    "dateReserved": "2024-09-09T04:59:35.505Z",
    "dateUpdated": "2025-02-03T17:21:20.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7992
Vulnerability from cvelistv5
Published
2024-10-29 21:50
Modified
2025-02-03 18:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Infrastructure Parts Editor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Inventor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Manage Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Simulate Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Revit Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Vault Basic Client Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:27.431632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:32.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:infrastructure_parts_editor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:inventor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:vault_basic_client:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file, when parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T18:06:30.783Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7992",
    "datePublished": "2024-10-29T21:50:13.232Z",
    "dateReserved": "2024-08-19T21:37:08.684Z",
    "dateUpdated": "2025-02-03T18:06:30.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23142
Vulnerability from cvelistv5
Published
2024-06-25 01:24
Modified
2025-01-28 17:08
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:36:51.042238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:48:11.351Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:08:45.751Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23142",
    "datePublished": "2024-06-25T01:24:02.359Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-01-28T17:08:45.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23143
Vulnerability from cvelistv5
Published
2024-06-25 02:05
Modified
2025-01-28 17:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:32:09.443136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:32:13.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:09:19.775Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23143",
    "datePublished": "2024-06-25T02:05:33.461Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-01-28T17:09:19.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8593
Vulnerability from cvelistv5
Published
2024-10-29 21:08
Modified
2025-02-10 20:48
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:48.544566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:06.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:48:03.357Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8593",
    "datePublished": "2024-10-29T21:08:53.971Z",
    "dateReserved": "2024-09-09T04:41:53.966Z",
    "dateUpdated": "2025-02-10T20:48:03.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23132
Vulnerability from cvelistv5
Published
2024-02-22 04:10
Modified
2025-01-27 18:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23132",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:24:43.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T18:02:14.838Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23132",
    "datePublished": "2024-02-22T04:10:53.175Z",
    "dateReserved": "2024-01-11T21:47:40.856Z",
    "dateUpdated": "2025-01-27T18:02:14.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23145
Vulnerability from cvelistv5
Published
2024-06-25 02:27
Modified
2025-01-28 17:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:30:24.476007Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:30:33.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:10:41.064Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23145",
    "datePublished": "2024-06-25T02:27:23.995Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-01-28T17:10:41.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23153
Vulnerability from cvelistv5
Published
2024-06-25 03:26
Modified
2025-01-28 17:46
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23153",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T20:33:01.431935Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T20:33:10.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:46:20.874Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23153",
    "datePublished": "2024-06-25T03:26:37.392Z",
    "dateReserved": "2024-01-11T21:51:21.128Z",
    "dateUpdated": "2025-01-28T17:46:20.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23140
Vulnerability from cvelistv5
Published
2024-06-25 01:01
Modified
2025-01-28 17:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23140",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:57:54.776746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:58:02.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:02:22.364Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23140",
    "datePublished": "2024-06-25T01:01:56.652Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-01-28T17:02:22.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23146
Vulnerability from cvelistv5
Published
2024-06-25 02:28
Modified
2025-02-10 21:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23146",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:30:00.518542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:30:06.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:01:58.711Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23146",
    "datePublished": "2024-06-25T02:28:20.607Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-02-10T21:01:58.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23130
Vulnerability from cvelistv5
Published
2024-02-22 03:33
Modified
2025-01-28 16:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.0.1
Version: 2024   < 2024.1.3
Version: 2023   < 2023.1.5
Version: 2022   < 2022.1.4
Version: 2021   < 2021.1.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:25:46.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "lessThan": "2021.1.4",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "version": "2021",
          "versionType": "custom",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:43:57.493Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23130",
    "datePublished": "2024-02-22T03:33:55.872Z",
    "dateReserved": "2024-01-11T21:47:40.855Z",
    "dateUpdated": "2025-01-28T16:43:57.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23152
Vulnerability from cvelistv5
Published
2024-06-25 03:25
Modified
2025-02-04 16:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.5
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T16:51:34.502886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T16:52:08.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:47:13.846Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23152",
    "datePublished": "2024-06-25T03:25:46.136Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-02-04T16:52:08.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9489
Vulnerability from cvelistv5
Published
2024-10-29 21:44
Modified
2025-02-03 18:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Infrastructure Parts Editor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Inventor Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Manage Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Navisworks Simulate Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Revit Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Vault Basic Client Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:32.196438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:17.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:infrastructure_parts_editor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:inventor:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:vault_basic_client:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T18:04:44.972Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9489",
    "datePublished": "2024-10-29T21:44:39.027Z",
    "dateReserved": "2024-10-03T18:19:18.769Z",
    "dateUpdated": "2025-02-03T18:04:44.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8599
Vulnerability from cvelistv5
Published
2024-10-29 21:13
Modified
2025-02-03 17:22
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:39.962735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:07.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
            }
          ],
          "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:22:09.940Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8599",
    "datePublished": "2024-10-29T21:13:32.979Z",
    "dateReserved": "2024-09-09T05:07:41.856Z",
    "dateUpdated": "2025-02-03T17:22:09.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7305
Vulnerability from cvelistv5
Published
2024-08-19 23:28
Modified
2025-02-10 20:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD LT Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk DWG TrueView Version: 2025   < 2025.1
Version: 2024   < 2024.1.6
 Create a notification for this product.
   Autodesk AutoCAD Map 3D Patch: 2025.1
Version: 2025   <
Version: 2024   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_lt",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dwg_trueview",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T15:12:19.030297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T15:25:35.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:hotfix:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Map 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2024.1.6",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T20:49:55.517Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DWF Vulnerability in Autodesk Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7305",
    "datePublished": "2024-08-19T23:28:23.356Z",
    "dateReserved": "2024-07-30T19:31:26.704Z",
    "dateUpdated": "2025-02-10T20:49:55.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8600
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2025-02-03 17:13
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   AutoCAD Civil 3D Version: 2025   < 2025.1.1
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:38.514092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:58.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T17:13:19.433Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8600",
    "datePublished": "2024-10-29T21:14:01.152Z",
    "dateReserved": "2024-09-09T05:11:47.491Z",
    "dateUpdated": "2025-02-03T17:13:19.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37002
Vulnerability from cvelistv5
Published
2024-06-25 03:07
Modified
2025-01-28 17:13
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Impacted products
Vendor Product Version
Autodesk AutoCAD Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Architecture Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Electrical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Mechanical Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MEP Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD Plant 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Civil 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk Advance Steel Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
   Autodesk AutoCAD MAP 3D Version: 2025   < 2025.1
Version: 2024   < 2024.1.4
Version: 2023   < 2023.1.6
Version: 2022   < 2022.1.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:12:54.230669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T16:34:16.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457: Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T17:13:47.607Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37002",
    "datePublished": "2024-06-25T03:07:28.673Z",
    "dateReserved": "2024-05-30T20:11:46.549Z",
    "dateUpdated": "2025-01-28T17:13:47.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-202106-1815
Vulnerability from variot

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040 Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

To clipboard 

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "autocad",
        "scope": null,
        "trust": 5.6,
        "vendor": "autodesk",
        "version": null
      },
      {
        "_id": null,
        "model": "genesis64",
        "scope": null,
        "trust": 2.1,
        "vendor": "iconics",
        "version": null
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "dwg trueview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.1.1"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "mc works64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "4.04e"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "dwg trueview",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "genesis64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "10.97"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "genesis64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "_id": null,
        "model": "mc works64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.1.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.97",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.04e",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      }
    ],
    "trust": 7.0
  },
  "cve": "CVE-2021-27040",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-27040",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27040",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 4.2,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27040",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 3.5,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27040",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-003350",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-27040",
            "trust": 4.2,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-27040",
            "trust": 3.5,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-27040",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2021-003350",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-1561",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.* Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040* Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 9.09
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-27040",
        "trust": 10.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-294-01",
        "trust": 1.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-712",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU94862669",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12150",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12119",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12118",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12117",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12094",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12077",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12076",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14065",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14060",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14059",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-15570",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021102205",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062421",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042625",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3527",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "id": "VAR-202106-1815",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.685964935
  },
  "last_update_date": "2022-05-16T22:51:40.714000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 4.9,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "title": "GENESIS64 and MC\u00a0Works64 of AutoCAD(DWG) Information leakage and malicious program execution vulnerability in file import function",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-017.pdf"
      },
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-294-01"
      },
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
      },
      {
        "title": "Autodesk AutoCAD Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155357"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [ Other ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds read (CWE-125) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 7.3,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "trust": 2.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1236/"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-378/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1238/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-473/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu94862669/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27041"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27040"
      },
      {
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-294-01"
      },
      {
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062421"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-712/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3527"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042625"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021102205"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis64-three-vulnerabilities-36698"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-712",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-711",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-710",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-709",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-708",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-707",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-706",
        "ident": null
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1238",
        "ident": null
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1236",
        "ident": null
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-378",
        "ident": null
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-473",
        "ident": null
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "ident": null
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1561",
        "ident": null
      },
      {
        "date": "2021-06-25T13:15:00",
        "db": "NVD",
        "id": "CVE-2021-27040",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-712",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-711",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-710",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-709",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-708",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-707",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-706",
        "ident": null
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1238",
        "ident": null
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1236",
        "ident": null
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-378",
        "ident": null
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-473",
        "ident": null
      },
      {
        "date": "2021-11-26T02:40:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "ident": null
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "date": "2022-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1561",
        "ident": null
      },
      {
        "date": "2022-05-13T17:31:00",
        "db": "NVD",
        "id": "CVE-2021-27040",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      }
    ],
    "trust": 2.8
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202106-1814
Vulnerability from variot

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040 Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

To clipboard 

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "autocad",
        "scope": null,
        "trust": 2.1,
        "vendor": "autodesk",
        "version": null
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "design review",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2018"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "mc works64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "4.04e"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "_id": null,
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "_id": null,
        "model": "genesis64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "10.97"
      },
      {
        "_id": null,
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "_id": null,
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "_id": null,
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "_id": null,
        "model": "genesis64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "_id": null,
        "model": "mc works64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "_id": null,
        "model": "genesis64",
        "scope": null,
        "trust": 0.7,
        "vendor": "iconics",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.97",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.04e",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      }
    ],
    "trust": 2.1
  },
  "cve": "CVE-2021-27041",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-27041",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27041",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.8,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27041",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-003350",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-27041",
            "trust": 2.8,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-27041",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2021-003350",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-1568",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.* Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040* Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 4.68
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-27041",
        "trust": 5.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-294-01",
        "trust": 1.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-714",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU94862669",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12281",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12181",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14064",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-15565",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021102205",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042625",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022040706",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062421",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3527",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "id": "VAR-202106-1814",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.685964935
  },
  "last_update_date": "2022-05-14T20:19:01.789000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "title": "GENESIS64 and MC\u00a0Works64 of AutoCAD(DWG) Information leakage and malicious program execution vulnerability in file import function",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-017.pdf"
      },
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
      },
      {
        "title": "Autodesk AutoCAD Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155361"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [ Other ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds read (CWE-125) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "trust": 2.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "trust": 1.6,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
      },
      {
        "trust": 1.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1237/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu94862669/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27041"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27040"
      },
      {
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062421"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022040706"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3527"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-478/"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-714/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042625"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021102205"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis64-three-vulnerabilities-36698"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-714",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-713",
        "ident": null
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1237",
        "ident": null
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-478",
        "ident": null
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "ident": null
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1568",
        "ident": null
      },
      {
        "date": "2021-06-25T13:15:00",
        "db": "NVD",
        "id": "CVE-2021-27041",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-714",
        "ident": null
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-713",
        "ident": null
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1237",
        "ident": null
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-478",
        "ident": null
      },
      {
        "date": "2021-11-26T02:40:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "ident": null
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "date": "2022-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1568",
        "ident": null
      },
      {
        "date": "2022-05-13T17:37:00",
        "db": "NVD",
        "id": "CVE-2021-27041",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      }
    ],
    "trust": 2.1
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}