← Back

CVE-2024-23137

nvd nist
Published: Feb 22, 2024Modified: Apr 11, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: psirt@autodesk.com (Secondary)

Description

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Affected (45)

Autodesk
9 products
Autocad
Autocad Architecture
Autocad Electrical
Autocad Mechanical
Autocad Mep
Autocad Plant 3d
Civil 3d
Advance Steel
Autocad Map 3d
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad
From 2021 to 2021.1.4
Autocad
From 2022 to 2022.1.4
Autocad
From 2023 to 2023.1.5
Autocad
From 2024 to 2024.1.3
Autocad
From 2025 to 2025.0.1
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad Architecture
From 2021 to 2021.1.4
Autocad Architecture
From 2022 to 2022.1.4
Autocad Architecture
From 2023 to 2023.1.5
Autocad Architecture
From 2024 to 2024.1.3
Autocad Architecture
From 2025 to 2025.0.1
Configuration C
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad Electrical
From 2021 to 2021.1.4
Autocad Electrical
From 2022 to 2022.1.4
Autocad Electrical
From 2023 to 2023.1.5
Autocad Electrical
From 2024 to 2024.1.3
Autocad Electrical
From 2025 to 2025.0.1
Configuration D
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad Mechanical
From 2021 to 2021.1.4
Autocad Mechanical
From 2022 to 2022.1.4
Autocad Mechanical
From 2023 to 2023.1.5
Autocad Mechanical
From 2024 to 2024.1.3
Autocad Mechanical
From 2025 to 2025.0.1
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad Mep
From 2021 to 2021.1.4
Autocad Mep
From 2022 to 2022.1.4
Autocad Mep
From 2023 to 2023.1.5
Autocad Mep
From 2024 to 2024.1.3
Autocad Mep
From 2025 to 2025.0.1
Configuration F
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad Plant 3d
From 2021 to 2021.1.4
Autocad Plant 3d
From 2022 to 2022.1.4
Autocad Plant 3d
From 2023 to 2023.1.5
Autocad Plant 3d
From 2024 to 2024.1.3
Autocad Plant 3d
From 2025 to 2025.0.1
Configuration G
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Civil 3d
From 2021 to 2021.1.4
Civil 3d
From 2022 to 2022.1.4
Civil 3d
From 2023 to 2023.1.5
Civil 3d
From 2024 to 2024.1.3
Civil 3d
From 2025 to 2025.0.1
Configuration H
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Advance Steel
From 2021 to 2021.1.4
Advance Steel
From 2022 to 2022.1.4
Advance Steel
From 2023 to 2023.1.5
Advance Steel
From 2024 to 2024.1.3
Advance Steel
From 2025 to 2025.0.1
Configuration I
5 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad Map 3d
From 2021 to 2021.1.4
Autocad Map 3d
From 2022 to 2022.1.4
Autocad Map 3d
From 2023 to 2023.1.5
Autocad Map 3d
From 2024 to 2024.1.3
Autocad Map 3d
From 2025 to 2025.0.1

Related CWEs

CWE-457
Use of Uninitialized Variable
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (6)

Source: psirt@autodesk.com
Vendor Advisory
Source: psirt@autodesk.com
Vendor Advisory
Source: psirt@autodesk.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.