CVE-2023-27914

Published: Apr 14, 2023Modified: Feb 6, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Affected (10)

Products: Autodesk: Autocad, Autocad Advance Steel, Autocad Architecture, Autocad Civil 3d, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d

Autodesk

10 products

Autocad

Autocad Advance Steel

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	From 2023 to 2023.1.3
Autodesk Autocad Advance Steel	From 2023 to 2023.1.3
Autodesk Autocad Architecture	From 2023 to 2023.1.3
Autodesk Autocad Civil 3d	From 2023 to 2023.1.3
Autodesk Autocad Electrical	From 2023 to 2023.1.3
Autodesk Autocad Lt	From 2023 to 2023.1.3
Autodesk Autocad Map 3d	From 2023 to 2023.1.3
Autodesk Autocad Mechanical	From 2023 to 2023.1.3
Autodesk Autocad Mep	From 2023 to 2023.1.3
Autodesk Autocad Plant 3d	From 2023 to 2023.1.3

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.