All the vulnerabilites related to Autodesk - Revit
cve-2024-11268
Vulnerability from cvelistv5
Published
2024-12-09 17:42
Modified
2024-12-09 18:07
Summary
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11268",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T18:07:50.635674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T18:07:57.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-09T17:42:15.362Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "PDF File Parsing Vulnerability in Autodesk Revit",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-11268",
    "datePublished": "2024-12-09T17:42:15.362Z",
    "dateReserved": "2024-11-15T17:53:44.142Z",
    "dateUpdated": "2024-12-09T18:07:57.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7993
Vulnerability from cvelistv5
Published
2024-10-16 21:47
Modified
2024-10-17 16:19
Summary
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "revit",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2024.2.2",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.3",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7993",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T16:17:26.757982Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T16:19:18.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePDF \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efile, when parsed through Autodesk \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRevit\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, can force an Out-of-Bounds Write. A malicious actor can \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eleverage\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e this vulnerability to cause a crash, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewrite \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T21:47:31.739Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0018"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-Bounds Write Vulnerability in Autodesk Revit",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7993",
    "datePublished": "2024-10-16T21:47:31.739Z",
    "dateReserved": "2024-08-19T21:37:09.626Z",
    "dateUpdated": "2024-10-17T16:19:18.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40162
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-Band Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40162",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-4710
Vulnerability from cvelistv5
Published
2006-02-10 11:00
Modified
2024-08-07 23:53
Severity ?
Summary
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:28.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
          },
          {
            "name": "18682",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18682"
          },
          {
            "name": "autodesk-gain-privileges(24460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
          },
          {
            "name": "16472",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
        },
        {
          "name": "18682",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18682"
        },
        {
          "name": "autodesk-gain-privileges(24460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
        },
        {
          "name": "16472",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4710",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232",
              "refsource": "CONFIRM",
              "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
            },
            {
              "name": "18682",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18682"
            },
            {
              "name": "autodesk-gain-privileges(24460)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
            },
            {
              "name": "16472",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4710",
    "datePublished": "2006-02-10T11:00:00",
    "dateReserved": "2006-02-10T00:00:00",
    "dateUpdated": "2024-08-07T23:53:28.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9996
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2024-11-15 21:39
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:30.961199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:08.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:39:50.983Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9996",
    "datePublished": "2024-10-29T21:45:17.527Z",
    "dateReserved": "2024-10-15T13:39:36.931Z",
    "dateUpdated": "2024-11-15T21:39:50.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11454
Vulnerability from cvelistv5
Published
2024-12-09 17:48
Modified
2024-12-09 18:07
Summary
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "revit",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11454",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T18:05:41.484045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T18:07:39.304Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-471",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-471 Search Order Hijacking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-09T17:48:30.983Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Untrusted Search Path vulnerability in Autodesk Revit",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-11454",
    "datePublished": "2024-12-09T17:48:30.983Z",
    "dateReserved": "2024-11-19T20:14:29.710Z",
    "dateUpdated": "2024-12-09T18:07:39.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40165
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40165",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40164
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.502Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap-based Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40164",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25004
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:40
Severity ?
Summary
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:11:43.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T14:39:57.188378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T14:40:18.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022, 2021, 2020"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-25004",
    "datePublished": "2023-06-27T00:00:00",
    "dateReserved": "2023-02-01T00:00:00",
    "dateUpdated": "2024-12-05T14:40:18.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9489
Vulnerability from cvelistv5
Published
2024-10-29 21:44
Modified
2024-11-15 21:38
Summary
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:32.196438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:17.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:38:35.308Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9489",
    "datePublished": "2024-10-29T21:44:39.027Z",
    "dateReserved": "2024-10-03T18:19:18.769Z",
    "dateUpdated": "2024-11-15T21:38:35.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25002
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:39
Severity ?
Summary
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:11:43.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T14:38:10.506379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T14:39:41.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022, 2021"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-25002",
    "datePublished": "2023-06-27T00:00:00",
    "dateReserved": "2023-02-01T00:00:00",
    "dateUpdated": "2024-12-05T14:39:41.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7994
Vulnerability from cvelistv5
Published
2024-10-16 21:47
Modified
2024-10-18 18:01
Summary
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:revit:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "revit",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              },
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7994",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T17:59:24.381901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T18:01:01.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRFA \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efile, when parsed through Autodesk \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRevit\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, can force a\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Stack-Based Buffer Overflow\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. A malicious actor can \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eleverage\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T21:47:51.258Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stack-Based Buffer Overflow Vulnerability in Autodesk Revit",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7994",
    "datePublished": "2024-10-16T21:47:51.258Z",
    "dateReserved": "2024-08-19T21:37:10.490Z",
    "dateUpdated": "2024-10-18T18:01:01.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40161
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 9.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-18T16:20:49",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-40161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 9.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40161",
    "datePublished": "2021-12-23T18:31:43",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11608
Vulnerability from cvelistv5
Published
2024-12-09 17:53
Modified
2024-12-09 18:05
Summary
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "revit",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11608",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T18:03:53.476189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T18:05:18.311Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-09T17:53:18.804Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0026"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-11608",
    "datePublished": "2024-12-09T17:53:18.804Z",
    "dateReserved": "2024-11-21T20:20:48.343Z",
    "dateUpdated": "2024-12-09T18:05:18.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40160
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
Summary
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 9.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Read Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-18T16:20:48",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-40160",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 9.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Read Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40160",
    "datePublished": "2021-12-23T18:31:31",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29068
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:41
Severity ?
Summary
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:14.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T14:41:27.413833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T14:41:43.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022, 2021, 2020"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29068",
    "datePublished": "2023-06-27T00:00:00",
    "dateReserved": "2023-03-30T00:00:00",
    "dateUpdated": "2024-12-05T14:41:43.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37008
Vulnerability from cvelistv5
Published
2024-08-21 10:02
Modified
2024-08-26 21:08
Summary
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk Revit LT Version: 2025   
Version: 2024    2024.2.1
Version: 2023    2023.1.4
Version: 2022    2022.1.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:revit_lt:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "revit_lt",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2025.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2024.2.1",
                "status": "affected",
                "version": "2024",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "2023.1.4",
                "status": "affected",
                "version": "2023",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "2022.1.6",
                "status": "affected",
                "version": "2022",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-22T18:53:46.614281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T21:08:41.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2024.2.1",
              "status": "affected",
              "version": "2024",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2023.1.4",
              "status": "affected",
              "version": "2023",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Revit LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2024.2.1",
              "status": "affected",
              "version": "2024",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2023.1.4",
              "status": "affected",
              "version": "2023",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003c/p\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-26T12:44:55.475Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0013"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stack-based Overflow Vulnerability in Revit Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-37008",
    "datePublished": "2024-08-21T10:02:21.128Z",
    "dateReserved": "2024-05-30T20:11:46.550Z",
    "dateUpdated": "2024-08-26T21:08:41.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8896
Vulnerability from cvelistv5
Published
2024-10-29 21:43
Modified
2024-11-15 21:37
Summary
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:33.412413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:25.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DXF file when parsed in acdb25.dll\u0026nbsp;through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DXF file when parsed in acdb25.dll\u00a0through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "CWE-908 Use of Uninitialized Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:37:12.563Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8896",
    "datePublished": "2024-10-29T21:43:11.437Z",
    "dateReserved": "2024-09-16T14:34:49.668Z",
    "dateUpdated": "2024-11-15T21:37:12.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40166
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-After-Free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40166",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40163
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40163",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27871
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-08-03 05:41
Severity ?
Summary
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:41:10.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020,2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap-based Buffer Overflow vul",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-21T14:23:33",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022, 2021, 2020,2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap-based Buffer Overflow vul"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27871",
    "datePublished": "2022-06-21T14:23:33",
    "dateReserved": "2022-03-25T00:00:00",
    "dateUpdated": "2024-08-03T05:41:10.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7992
Vulnerability from cvelistv5
Published
2024-10-29 21:50
Modified
2024-11-15 21:35
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:27.431632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:32.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file, when parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:35:26.842Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7992",
    "datePublished": "2024-10-29T21:50:13.232Z",
    "dateReserved": "2024-08-19T21:37:08.684Z",
    "dateUpdated": "2024-11-15T21:35:26.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9997
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2024-11-15 21:41
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:29.745174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:57.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:41:09.391Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9997",
    "datePublished": "2024-10-29T21:45:59.005Z",
    "dateReserved": "2024-10-15T13:39:39.800Z",
    "dateUpdated": "2024-11-15T21:41:09.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7991
Vulnerability from cvelistv5
Published
2024-10-29 21:49
Modified
2024-11-15 21:41
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:28.629296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:49.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDW\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eG\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eile,\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAutoCAD\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and certain AutoCAD-based products,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e can force an Out-of-Bound\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Write. A malicious actor can \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003el\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eeverage\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethis vulnerability to cause a crash, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eread\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e sensitive data, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:41:39.238Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7991",
    "datePublished": "2024-10-29T21:49:02.128Z",
    "dateReserved": "2024-08-19T21:37:04.701Z",
    "dateUpdated": "2024-11-15T21:41:39.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25003
Vulnerability from cvelistv5
Published
2023-06-23 00:00
Modified
2024-12-05 17:10
Severity ?
Summary
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:11:43.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T17:09:59.558363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T17:10:10.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": " AutoCAD, Maya ",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "out-of-bound read write / read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-23T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-25003",
    "datePublished": "2023-06-23T00:00:00",
    "dateReserved": "2023-02-01T00:00:00",
    "dateUpdated": "2024-12-05T17:10:10.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}