All the vulnerabilites related to Autodesk - Navisworks Freedom
cve-2024-11422
Vulnerability from cvelistv5
Published
2024-12-17 15:15
Modified
2024-12-17 16:03
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-11422", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T16:01:00.524165Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T16:03:52.756Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write v\u003c/span\u003eulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:15:17.614Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-11422", "datePublished": "2024-12-17T15:15:17.614Z", "dateReserved": "2024-11-19T15:06:04.744Z", "dateUpdated": "2024-12-17T16:03:52.756Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12194
Vulnerability from cvelistv5
Published
2024-12-17 15:20
Modified
2024-12-17 16:00
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12194", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T16:00:36.826047Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T16:00:47.336Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force \u003c/span\u003ea Memory Corruption vulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:20:17.674Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12194", "datePublished": "2024-12-17T15:20:17.674Z", "dateReserved": "2024-12-04T17:03:52.996Z", "dateUpdated": "2024-12-17T16:00:47.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7672
Vulnerability from cvelistv5
Published
2024-09-30 20:29
Modified
2024-12-03 16:44
Severity ?
EPSS score ?
Summary
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 Version: 2024 Version: 2023 Version: 2022 |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_freedom", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_simulate", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_manage", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7672", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T21:01:15.457943Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T16:44:04.177Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed in dwfcore.dll\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T06:06:13.529Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015" } ], "source": { "discovery": "UNKNOWN" }, "title": "Out-of-Bounds Write Vulnerability in Autodesk Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-7672", "datePublished": "2024-09-30T20:29:03.464Z", "dateReserved": "2024-08-10T16:13:28.211Z", "dateUpdated": "2024-12-03T16:44:04.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7671
Vulnerability from cvelistv5
Published
2024-09-30 20:28
Modified
2024-12-03 16:45
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 Version: 2024 Version: 2023 Version: 2022 |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_freedom", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_simulate", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_manage", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7671", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T21:01:16.740777Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T16:45:16.773Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edwfcore.dll \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethroug\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eh Autodesk Navisworks, can force an Out-of-Bounds \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWrite\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eleverage\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e this vulnerability to cause a crash, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewrite\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T06:05:20.822Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015" } ], "source": { "discovery": "UNKNOWN" }, "title": "Out-of-Bounds Write Vulnerability in Autodesk Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-7671", "datePublished": "2024-09-30T20:28:34.579Z", "dateReserved": "2024-08-10T16:13:26.356Z", "dateUpdated": "2024-12-03T16:45:16.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12198
Vulnerability from cvelistv5
Published
2024-12-17 15:22
Modified
2024-12-17 16:00
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12198", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:59:53.039934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T16:00:06.771Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write \u003c/span\u003evulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:22:49.565Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12198", "datePublished": "2024-12-17T15:22:49.565Z", "dateReserved": "2024-12-04T17:07:49.179Z", "dateUpdated": "2024-12-17T16:00:06.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7673
Vulnerability from cvelistv5
Published
2024-09-30 20:29
Modified
2024-12-03 16:43
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 Version: 2024 Version: 2023 Version: 2022 |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_freedom", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_simulate", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_manage", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7673", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T21:01:14.079173Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T16:43:53.572Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed in w3dtk.dll\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T06:06:51.661Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015" } ], "source": { "discovery": "UNKNOWN" }, "title": "Heap-based Buffer Overflow Vulnerability in Autodesk Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-7673", "datePublished": "2024-09-30T20:29:24.756Z", "dateReserved": "2024-08-10T16:13:29.464Z", "dateUpdated": "2024-12-03T16:43:53.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12200
Vulnerability from cvelistv5
Published
2024-12-17 15:26
Modified
2024-12-17 15:56
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12200", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:55:56.194600Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:56:09.767Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write \u003c/span\u003evulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:26:28.404Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12200", "datePublished": "2024-12-17T15:26:28.404Z", "dateReserved": "2024-12-04T17:09:35.223Z", "dateUpdated": "2024-12-17T15:56:09.767Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12197
Vulnerability from cvelistv5
Published
2024-12-17 15:21
Modified
2024-12-17 16:00
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12197", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T16:00:18.108656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T16:00:26.418Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write \u003c/span\u003evulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:21:43.044Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12197", "datePublished": "2024-12-17T15:21:43.044Z", "dateReserved": "2024-12-04T17:05:00.492Z", "dateUpdated": "2024-12-17T16:00:26.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12193
Vulnerability from cvelistv5
Published
2024-12-17 15:18
Modified
2024-12-17 15:37
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12193", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:35:43.313638Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:37:12.286Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write \u003c/span\u003evulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:18:38.961Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12193", "datePublished": "2024-12-17T15:18:38.961Z", "dateReserved": "2024-12-04T17:02:44.990Z", "dateUpdated": "2024-12-17T15:37:12.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7670
Vulnerability from cvelistv5
Published
2024-09-30 20:25
Modified
2024-12-03 16:45
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 Version: 2024 Version: 2023 Version: 2022 |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_freedom", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_simulate", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_manage", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7670", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T21:01:17.882957Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T16:45:29.229Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDWF\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eX\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eile,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e when pars\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ew3dtk.dll \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eth\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erough Autodesk \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNavisworks\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e can force an Out-of-Bound\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eR\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ee\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ead\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eleverag\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ee\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e this vulnerability to cause a crash, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eread\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e sensitive data, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T06:05:47.593Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015" } ], "source": { "discovery": "UNKNOWN" }, "title": "Out-of-Bounds Read Vulnerability in Autodesk Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-7670", "datePublished": "2024-09-30T20:25:32.777Z", "dateReserved": "2024-08-10T16:13:22.403Z", "dateUpdated": "2024-12-03T16:45:29.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12670
Vulnerability from cvelistv5
Published
2024-12-17 15:28
Modified
2024-12-17 15:46
Severity ?
EPSS score ?
Summary
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12670", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:46:17.014347Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:46:52.263Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:28:05.933Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12670", "datePublished": "2024-12-17T15:28:05.933Z", "dateReserved": "2024-12-16T14:41:31.535Z", "dateUpdated": "2024-12-17T15:46:52.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7675
Vulnerability from cvelistv5
Published
2024-09-30 20:30
Modified
2024-12-03 16:40
Severity ?
EPSS score ?
Summary
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 Version: 2024 Version: 2023 Version: 2022 |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_freedom", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_simulate", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_manage", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7675", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T21:01:10.970180Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T16:40:59.006Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed in w3dtk.dll\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T06:07:51.513Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015" } ], "source": { "discovery": "UNKNOWN" }, "title": "Use After Free Vulnerability in Autodesk Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-7675", "datePublished": "2024-09-30T20:30:31.826Z", "dateReserved": "2024-08-10T16:13:31.696Z", "dateUpdated": "2024-12-03T16:40:59.006Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12192
Vulnerability from cvelistv5
Published
2024-12-17 15:17
Modified
2024-12-17 15:34
Severity ?
EPSS score ?
Summary
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12192", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:33:49.813338Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:34:02.527Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write \u003c/span\u003evulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:17:56.627Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12192", "datePublished": "2024-12-17T15:17:56.627Z", "dateReserved": "2024-12-04T17:01:22.228Z", "dateUpdated": "2024-12-17T15:34:02.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12191
Vulnerability from cvelistv5
Published
2024-12-17 15:17
Modified
2024-12-17 15:34
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12191", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:34:49.276077Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:34:57.310Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, \u003c/span\u003ecan force an Out-of-Bounds Write vulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:17:15.621Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12191", "datePublished": "2024-12-17T15:17:15.621Z", "dateReserved": "2024-12-04T17:00:16.111Z", "dateUpdated": "2024-12-17T15:34:57.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12669
Vulnerability from cvelistv5
Published
2024-12-17 15:27
Modified
2024-12-17 15:55
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12669", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:55:15.741934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:55:46.891Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:27:17.052Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12669", "datePublished": "2024-12-17T15:27:17.052Z", "dateReserved": "2024-12-16T14:24:34.883Z", "dateUpdated": "2024-12-17T15:55:46.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7674
Vulnerability from cvelistv5
Published
2024-09-30 20:30
Modified
2024-12-03 16:43
Severity ?
EPSS score ?
Summary
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 Version: 2024 Version: 2023 Version: 2022 |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_freedom", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_simulate", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "navisworks_manage", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7674", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T21:01:12.546535Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T16:43:00.820Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] }, { "defaultStatus": "unaffected", "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" }, { "status": "affected", "version": "2024" }, { "status": "affected", "version": "2023" }, { "status": "affected", "version": "2022" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed in dwfcore.dll\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T06:07:22.975Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015" } ], "source": { "discovery": "UNKNOWN" }, "title": "Heap-based Buffer Overflow Vulnerability in Autodesk Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-7674", "datePublished": "2024-09-30T20:30:07.187Z", "dateReserved": "2024-08-10T16:13:30.551Z", "dateUpdated": "2024-12-03T16:43:00.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12671
Vulnerability from cvelistv5
Published
2024-12-17 15:28
Modified
2024-12-17 15:46
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12671", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:45:56.846039Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:46:05.397Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write \u003c/span\u003evulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:28:48.438Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12671", "datePublished": "2024-12-17T15:28:48.438Z", "dateReserved": "2024-12-16T14:52:33.930Z", "dateUpdated": "2024-12-17T15:46:05.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12178
Vulnerability from cvelistv5
Published
2024-12-17 15:16
Modified
2024-12-17 15:36
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12178", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:36:10.207026Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:36:28.205Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force \u003c/span\u003ea Memory Corruption vulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:16:31.988Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12178", "datePublished": "2024-12-17T15:16:31.988Z", "dateReserved": "2024-12-04T16:29:28.425Z", "dateUpdated": "2024-12-17T15:36:28.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12179
Vulnerability from cvelistv5
Published
2024-12-17 15:19
Modified
2024-12-17 15:31
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12179", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:30:23.695137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:31:25.599Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, \u003c/span\u003ecan be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage\u0026nbsp;this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage\u00a0this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:19:29.587Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12179", "datePublished": "2024-12-17T15:19:29.587Z", "dateReserved": "2024-12-04T16:30:45.791Z", "dateUpdated": "2024-12-17T15:31:25.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12199
Vulnerability from cvelistv5
Published
2024-12-17 15:24
Modified
2024-12-17 15:59
Severity ?
EPSS score ?
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | Navisworks Freedom |
Version: 2025 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12199", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T15:56:24.600977Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:59:42.505Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Freedom", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Simulate", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Navisworks Manage", "vendor": "Autodesk", "versions": [ { "status": "affected", "version": "2025" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write \u003c/span\u003evulnerability\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T15:24:15.296Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" } ], "source": { "discovery": "UNKNOWN" }, "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-12199", "datePublished": "2024-12-17T15:24:15.296Z", "dateReserved": "2024-12-04T17:08:43.647Z", "dateUpdated": "2024-12-17T15:59:42.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }