← Back

CVE-2023-29074

nvd nist
Published: Nov 23, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Affected (22)

Autodesk
10 products
Autocad
Autocad Advance Steel
Autocad Architecture
Autocad Civil 3d
Autocad Electrical
Autocad Lt
Autocad Map 3d
Autocad Mechanical
Autocad Mep
Autocad Plant 3d
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad
From 2023.0.0 to 2023.1.4
Autocad
From 2024.0.0 to 2024.1.1
Autocad
Before 2024.1
Autodesk
Autocad Advance Steel
Before 2023.1.4
Autocad Advance Steel
From 2024.0.0 to 2024.1.1
Autodesk
Autocad Architecture
Before 2023.1.4
Autocad Architecture
From 2024.0.0 to 2024.1.1
Autodesk
Autocad Civil 3d
Before 2023.1.4
Autocad Civil 3d
From 2024.0.0 to 2024.1.1
Autodesk
Autocad Electrical
Before 2023.1.4
Autocad Electrical
From 2024.0.0 to 2024.1.1
Autodesk
Autocad Lt
Before 2023.1.4
Autocad Lt
From 2024.0.0 to 2024.1.1
Autocad Lt
Before 2024.1
Autodesk
Autocad Map 3d
Before 2023.1.4
Autocad Map 3d
From 2024.0.0 to 2024.1.1
Autodesk
Autocad Mechanical
Before 2023.1.4
Autocad Mechanical
From 2024.0.0 to 2024.1.1
Autodesk
Autocad Mep
Before 2023.1.4
Autocad Mep
From 2024.0.0 to 2024.1.1
Autodesk
Autocad Plant 3d
Before 2023.1.4
Autocad Plant 3d
From 2024.0.0 to 2024.1.1

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: psirt@autodesk.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.