CVE-2024-23142

Published: Jun 25, 2024Modified: Dec 31, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@autodesk.com (Secondary)

Description

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Affected (36)

Products: Autodesk: Autocad, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d, Advance Steel

9 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	From 2022 to 2022.1.5
Autodesk Autocad	From 2023 to 2023.1.6
Autodesk Autocad	From 2024 to 2024.1.4
Autodesk Autocad	From 2025 to 2025.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Architecture	From 2022 to 2022.1.5
Autodesk Autocad Architecture	From 2023 to 2023.1.6
Autodesk Autocad Architecture	From 2024 to 2024.1.4
Autodesk Autocad Architecture	From 2025 to 2025.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Electrical	From 2022 to 2022.1.5
Autodesk Autocad Electrical	From 2023 to 2023.1.6
Autodesk Autocad Electrical	From 2024 to 2024.1.4
Autodesk Autocad Electrical	From 2025 to 2025.1

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Map 3d	From 2022 to 2022.1.5
Autodesk Autocad Map 3d	From 2023 to 2023.1.6
Autodesk Autocad Map 3d	From 2024 to 2024.1.4
Autodesk Autocad Map 3d	From 2025 to 2025.1

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mechanical	From 2022 to 2022.1.5
Autodesk Autocad Mechanical	From 2023 to 2023.1.6
Autodesk Autocad Mechanical	From 2024 to 2024.1.4
Autodesk Autocad Mechanical	From 2025 to 2025.1

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mep	From 2022 to 2022.1.5
Autodesk Autocad Mep	From 2023 to 2023.1.6
Autodesk Autocad Mep	From 2024 to 2024.1.4
Autodesk Autocad Mep	From 2025 to 2025.1

Configuration G

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Plant 3d	From 2022 to 2022.1.5
Autodesk Autocad Plant 3d	From 2023 to 2023.1.6
Autodesk Autocad Plant 3d	From 2024 to 2024.1.4
Autodesk Autocad Plant 3d	From 2025 to 2025.1

Configuration H

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Civil 3d	From 2022 to 2022.1.5
Autodesk Civil 3d	From 2023 to 2023.1.6
Autodesk Civil 3d	From 2024 to 2024.1.4
Autodesk Civil 3d	From 2025 to 2025.1

Configuration I

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	From 2022 to 2022.1.5
Autodesk Advance Steel	From 2023 to 2023.1.6
Autodesk Advance Steel	From 2024 to 2024.1.4
Autodesk Advance Steel	From 2025 to 2025.1

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.