CVE-2023-29076

Published: Nov 23, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Affected (22)

Products: Autodesk: Autocad, Autocad Advance Steel, Autocad Architecture, Autocad Civil 3d, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d

Autodesk

10 products

Autocad

Autocad Advance Steel

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	From 2023.0.0 to 2023.1.4
Autodesk Autocad	From 2024.0.0 to 2024.1.1
Autodesk Autocad	Before 2024.1
Autodesk Autocad Advance Steel	Before 2023.1.4
Autodesk Autocad Advance Steel	From 2024.0.0 to 2024.1.1
Autodesk Autocad Architecture	Before 2023.1.4
Autodesk Autocad Architecture	From 2024.0.0 to 2024.1.1
Autodesk Autocad Civil 3d	Before 2023.1.4
Autodesk Autocad Civil 3d	From 2024.0.0 to 2024.1.1
Autodesk Autocad Electrical	Before 2023.1.4
Autodesk Autocad Electrical	From 2024.0.0 to 2024.1.1
Autodesk Autocad Lt	Before 2023.1.4
Autodesk Autocad Lt	From 2024.0.0 to 2024.1.1
Autodesk Autocad Lt	Before 2024.1
Autodesk Autocad Map 3d	Before 2023.1.4
Autodesk Autocad Map 3d	From 2024.0.0 to 2024.1.1
Autodesk Autocad Mechanical	Before 2023.1.4
Autodesk Autocad Mechanical	From 2024.0.0 to 2024.1.1
Autodesk Autocad Mep	Before 2023.1.4
Autodesk Autocad Mep	From 2024.0.0 to 2024.1.1
Autodesk Autocad Plant 3d	Before 2023.1.4
Autodesk Autocad Plant 3d	From 2024.0.0 to 2024.1.1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.