cve-2019-7359
Vulnerability from cvelistv5
Published
2019-04-09 19:22
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Autodesk Advance Steel |
Version: 2018 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:46:46.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Autodesk Advance Steel", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD Architecture", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD Electrical", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD Map 3D", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD Mechanical", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD MEP", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD P\u0026ID", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD Plant 3D", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk AutoCAD LT", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] }, { "product": "Autodesk Civil 3D", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2018" } ] } ], "descriptions": [ { "lang": "en", "value": "An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Use After Free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-13T16:26:16", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2019-7359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Autodesk Advance Steel", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD Architecture", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD Electrical", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD Map 3D", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD Mechanical", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD MEP", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD P\u0026ID", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD Plant 3D", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk AutoCAD LT", "version": { "version_data": [ { "version_value": "2018" } ] } }, { "product_name": "Autodesk Civil 3D", "version": { "version_data": [ { "version_value": "2018" } ] } } ] }, "vendor_name": "Autodesk" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001", "refsource": "MISC", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001" } ] } } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2019-7359", "datePublished": "2019-04-09T19:22:56", "dateReserved": "2019-02-04T00:00:00", "dateUpdated": "2024-08-04T20:46:46.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-7359\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2019-04-09T20:30:21.287\",\"lastModified\":\"2024-11-21T04:48:05.663\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad explotable de desbordamiento de pila en el c\u00f3digo de manejo AcCellMargin en Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD , Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018 y Autodesk Civil 3D 2018. Un archivo DXF especialmente creado con muchos m\u00e1rgenes de celda que pueblan un objeto AcCellMargin puede generar un desbordamiento de pila, lo que conlleva a la ejecuci\u00f3n del c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"461B3C59-740C-4530-80DA-23DD38A0EEB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C2610D4-81E7-4B85-9147-C3F24895EDB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECDE64CF-3527-4C9A-9672-E2FA3BCC8B65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2B0DF8-8827-4CF2-94F1-D2871FA5095F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85BF0890-5AE7-46BA-8FD4-667B20081A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C4F749-A0C3-4C25-B5FC-CE3E49AFF8F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E34DF2FB-6A4F-4060-9DE4-EE635D9056E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA943872-F736-4EC2-8328-9AABCAE08154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_p\\\\\u0026id:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B80C406D-9E82-4B2B-8065-FEB797DE65B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68F6B255-EE77-48BA-AEEE-9395C85BF274\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2692C0E3-9A82-42BA-A80D-8A0D72FD3164\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.