Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-3304
Vulnerability from csaf_certbund
Published
2024-10-29 23:00
Modified
2024-10-29 23:00
Summary
Autodesk AutoCAD: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu erzeugen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu erzeugen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3304 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3304.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3304 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3304"
},
{
"category": "external",
"summary": "Autodesk Security Advisory adsk-sa-2024-0019 vom 2024-10-29",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
},
{
"category": "external",
"summary": "Autodesk Security Advisory adsk-sa-2024-0020 vom 2024-10-29",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0020"
},
{
"category": "external",
"summary": "Autodesk Security Advisory adsk-sa-2024-0021 vom 2024-10-29",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
}
],
"source_lang": "en-US",
"title": "Autodesk AutoCAD: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-29T23:00:00.000+00:00",
"generator": {
"date": "2024-10-30T12:08:10.411+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3304",
"initial_release_date": "2024-10-29T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2025.1.1",
"product": {
"name": "Autodesk AutoCAD \u003c2025.1.1",
"product_id": "T038689"
}
},
{
"category": "product_version",
"name": "2025.1.1",
"product": {
"name": "Autodesk AutoCAD 2025.1.1",
"product_id": "T038689-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:autodesk:autocad:2025.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2024.1.6",
"product": {
"name": "Autodesk AutoCAD \u003c2024.1.6",
"product_id": "T038690"
}
},
{
"category": "product_version",
"name": "2024.1.6",
"product": {
"name": "Autodesk AutoCAD 2024.1.6",
"product_id": "T038690-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:autodesk:autocad:2024.1.6"
}
}
}
],
"category": "product_name",
"name": "AutoCAD"
}
],
"category": "vendor",
"name": "Autodesk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7991",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-7991"
},
{
"cve": "CVE-2024-7992",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-7992"
},
{
"cve": "CVE-2024-8587",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8587"
},
{
"cve": "CVE-2024-8588",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8588"
},
{
"cve": "CVE-2024-8589",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8589"
},
{
"cve": "CVE-2024-8590",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8590"
},
{
"cve": "CVE-2024-8591",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8591"
},
{
"cve": "CVE-2024-8592",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8592"
},
{
"cve": "CVE-2024-8593",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8593"
},
{
"cve": "CVE-2024-8594",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8594"
},
{
"cve": "CVE-2024-8595",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8595"
},
{
"cve": "CVE-2024-8596",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8596"
},
{
"cve": "CVE-2024-8597",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8597"
},
{
"cve": "CVE-2024-8598",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8598"
},
{
"cve": "CVE-2024-8599",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8599"
},
{
"cve": "CVE-2024-8600",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8600"
},
{
"cve": "CVE-2024-8896",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-8896"
},
{
"cve": "CVE-2024-9489",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-9489"
},
{
"cve": "CVE-2024-9826",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-9826"
},
{
"cve": "CVE-2024-9827",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-9827"
},
{
"cve": "CVE-2024-9996",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-9996"
},
{
"cve": "CVE-2024-9997",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Autodesk AutoCAD. Diese Fehler existieren aufgrund einer unzureichenden Eingabevalidierung und Speicherverwaltungsproblemen in verschiedenen Komponenten, die eine unautorisierte Speichermanipulation erm\u00f6glichen. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Auswirkungen wie Abst\u00fcrze, die Ausf\u00fchrung von beliebigem Code und den Zugriff auf sensible Daten zu verursachen. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038690",
"T038689"
]
},
"release_date": "2024-10-29T23:00:00.000+00:00",
"title": "CVE-2024-9997"
}
]
}
cve-2024-7992
Vulnerability from cvelistv5
Published
2024-10-29 21:50
Modified
2024-11-15 21:35
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:27.431632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:00:32.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "AutoCAD",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infrastructure Parts Editor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inventor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vault Basic Client",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file, when parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:35:26.842Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7992",
"datePublished": "2024-10-29T21:50:13.232Z",
"dateReserved": "2024-08-19T21:37:08.684Z",
"dateUpdated": "2024-11-15T21:35:26.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8587
Vulnerability from cvelistv5
Published
2024-10-29 21:03
Modified
2024-12-16 05:50
Severity ?
EPSS score ?
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:55.963535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:53.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T05:50:35.741Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8587",
"datePublished": "2024-10-29T21:03:58.156Z",
"dateReserved": "2024-09-09T03:01:59.536Z",
"dateUpdated": "2024-12-16T05:50:35.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8597
Vulnerability from cvelistv5
Published
2024-10-29 21:12
Modified
2024-10-30 15:02
Severity ?
EPSS score ?
Summary
A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:43.008403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:02:24.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:12:24.663Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD STEP File Parsing Memory Corruption Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8597",
"datePublished": "2024-10-29T21:12:24.663Z",
"dateReserved": "2024-09-09T04:59:35.505Z",
"dateUpdated": "2024-10-30T15:02:24.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8591
Vulnerability from cvelistv5
Published
2024-10-29 21:08
Modified
2024-10-30 15:03
Severity ?
EPSS score ?
Summary
A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:49.844455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:18.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:08:22.860Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8591",
"datePublished": "2024-10-29T21:08:22.860Z",
"dateReserved": "2024-09-09T04:34:57.640Z",
"dateUpdated": "2024-10-30T15:03:18.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9997
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2024-11-15 21:41
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:29.745174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:00:57.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "AutoCAD",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infrastructure Parts Editor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inventor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vault Basic Client",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:41:09.391Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-9997",
"datePublished": "2024-10-29T21:45:59.005Z",
"dateReserved": "2024-10-15T13:39:39.800Z",
"dateUpdated": "2024-11-15T21:41:09.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9826
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2024-10-30 15:01
Severity ?
EPSS score ?
Summary
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:37.301745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:50.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:14:31.382Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-9826",
"datePublished": "2024-10-29T21:14:31.382Z",
"dateReserved": "2024-10-10T18:38:23.523Z",
"dateUpdated": "2024-10-30T15:01:50.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8595
Vulnerability from cvelistv5
Published
2024-10-29 21:10
Modified
2024-10-30 15:02
Severity ?
EPSS score ?
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:46.090065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:02:46.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:10:46.829Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD MODEL File Parsing Use-After-Free Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8595",
"datePublished": "2024-10-29T21:10:46.829Z",
"dateReserved": "2024-09-09T04:51:46.055Z",
"dateUpdated": "2024-10-30T15:02:46.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8600
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2024-10-30 15:01
Severity ?
EPSS score ?
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:38.514092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:58.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:14:01.152Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8600",
"datePublished": "2024-10-29T21:14:01.152Z",
"dateReserved": "2024-09-09T05:11:47.491Z",
"dateUpdated": "2024-10-30T15:01:58.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8896
Vulnerability from cvelistv5
Published
2024-10-29 21:43
Modified
2024-11-15 21:37
Severity ?
EPSS score ?
Summary
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:33.412413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:25.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "AutoCAD",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infrastructure Parts Editor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inventor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vault Basic Client",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DXF file when parsed in acdb25.dll\u0026nbsp;through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted DXF file when parsed in acdb25.dll\u00a0through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:37:12.563Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8896",
"datePublished": "2024-10-29T21:43:11.437Z",
"dateReserved": "2024-09-16T14:34:49.668Z",
"dateUpdated": "2024-11-15T21:37:12.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8589
Vulnerability from cvelistv5
Published
2024-10-29 21:07
Modified
2024-10-30 15:03
Severity ?
EPSS score ?
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:52.742459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:37.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:07:02.412Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8589",
"datePublished": "2024-10-29T21:07:02.412Z",
"dateReserved": "2024-09-09T04:19:18.839Z",
"dateUpdated": "2024-10-30T15:03:37.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9996
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2024-11-15 21:39
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:30.961199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:08.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "AutoCAD",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infrastructure Parts Editor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inventor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vault Basic Client",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:39:50.983Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-9996",
"datePublished": "2024-10-29T21:45:17.527Z",
"dateReserved": "2024-10-15T13:39:36.931Z",
"dateUpdated": "2024-11-15T21:39:50.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8592
Vulnerability from cvelistv5
Published
2024-10-29 21:39
Modified
2024-10-30 15:01
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:34.701094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:34.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:39:37.707Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD CATPART File Parsing Memory Corruption Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8592",
"datePublished": "2024-10-29T21:39:37.707Z",
"dateReserved": "2024-09-09T04:38:44.793Z",
"dateUpdated": "2024-10-30T15:01:34.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8593
Vulnerability from cvelistv5
Published
2024-10-29 21:08
Modified
2024-10-30 15:03
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:48.544566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:06.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
}
],
"value": "A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:08:53.971Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8593",
"datePublished": "2024-10-29T21:08:53.971Z",
"dateReserved": "2024-09-09T04:41:53.966Z",
"dateUpdated": "2024-10-30T15:03:06.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8598
Vulnerability from cvelistv5
Published
2024-10-29 21:12
Modified
2024-10-30 15:02
Severity ?
EPSS score ?
Summary
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:41.264504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:02:15.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
}
],
"value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:12:53.738Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8598",
"datePublished": "2024-10-29T21:12:53.738Z",
"dateReserved": "2024-09-09T05:03:22.098Z",
"dateUpdated": "2024-10-30T15:02:15.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8599
Vulnerability from cvelistv5
Published
2024-10-29 21:13
Modified
2024-10-30 15:02
Severity ?
EPSS score ?
Summary
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:39.962735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:02:07.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
}
],
"value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:13:32.979Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8599",
"datePublished": "2024-10-29T21:13:32.979Z",
"dateReserved": "2024-09-09T05:07:41.856Z",
"dateUpdated": "2024-10-30T15:02:07.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9827
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2024-10-30 15:01
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:36.054365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:41.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:14:55.716Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-9827",
"datePublished": "2024-10-29T21:14:55.716Z",
"dateReserved": "2024-10-10T19:01:38.304Z",
"dateUpdated": "2024-10-30T15:01:41.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7991
Vulnerability from cvelistv5
Published
2024-10-29 21:49
Modified
2024-11-15 21:41
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:28.629296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:00:49.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "AutoCAD",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infrastructure Parts Editor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inventor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vault Basic Client",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDW\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eG\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eile,\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAutoCAD\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and certain AutoCAD-based products,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e can force an Out-of-Bound\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Write. A malicious actor can \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003el\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eeverage\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethis vulnerability to cause a crash, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eread\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e sensitive data, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:41:39.238Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7991",
"datePublished": "2024-10-29T21:49:02.128Z",
"dateReserved": "2024-08-19T21:37:04.701Z",
"dateUpdated": "2024-11-15T21:41:39.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8596
Vulnerability from cvelistv5
Published
2024-10-29 21:11
Modified
2024-10-30 15:02
Severity ?
EPSS score ?
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:44.864873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:02:35.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:11:36.053Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8596",
"datePublished": "2024-10-29T21:11:36.053Z",
"dateReserved": "2024-09-09T04:55:18.208Z",
"dateUpdated": "2024-10-30T15:02:35.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8590
Vulnerability from cvelistv5
Published
2024-10-29 21:07
Modified
2024-10-30 15:03
Severity ?
EPSS score ?
Summary
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:51.045399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:28.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:07:47.121Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD 3DM File Parsing Use-After-Free Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8590",
"datePublished": "2024-10-29T21:07:47.121Z",
"dateReserved": "2024-09-09T04:30:14.958Z",
"dateUpdated": "2024-10-30T15:03:28.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9489
Vulnerability from cvelistv5
Published
2024-10-29 21:44
Modified
2024-11-15 21:38
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:32.196438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:17.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "AutoCAD",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infrastructure Parts Editor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inventor",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vault Basic Client",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:38:35.308Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-9489",
"datePublished": "2024-10-29T21:44:39.027Z",
"dateReserved": "2024-10-03T18:19:18.769Z",
"dateUpdated": "2024-11-15T21:38:35.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8594
Vulnerability from cvelistv5
Published
2024-10-29 21:09
Modified
2024-10-30 15:02
Severity ?
EPSS score ?
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:47.322086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:02:55.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:09:53.149Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8594",
"datePublished": "2024-10-29T21:09:53.149Z",
"dateReserved": "2024-09-09T04:47:17.676Z",
"dateUpdated": "2024-10-30T15:02:55.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8588
Vulnerability from cvelistv5
Published
2024-10-29 21:06
Modified
2024-10-30 15:03
Severity ?
EPSS score ?
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:54.487477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:46.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T21:06:17.695Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8588",
"datePublished": "2024-10-29T21:06:17.695Z",
"dateReserved": "2024-09-09T04:11:56.456Z",
"dateUpdated": "2024-10-30T15:03:46.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.