CVE-2024-23155

Published: Jun 25, 2024Modified: May 6, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@autodesk.com (Secondary)

Description

A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Affected (36)

Products: Autodesk: Autocad, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d, Advance Steel

9 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	From 2022 to 2022.1.5
Autodesk Autocad	From 2023 to 2023.1.6
Autodesk Autocad	From 2024 to 2024.1.5
Autodesk Autocad	From 2025 to 2025.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Architecture	From 2022 to 2022.1.5
Autodesk Autocad Architecture	From 2023 to 2023.1.6
Autodesk Autocad Architecture	From 2024 to 2024.1.5
Autodesk Autocad Architecture	From 2025 to 2025.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Electrical	From 2022 to 2022.1.5
Autodesk Autocad Electrical	From 2023 to 2023.1.6
Autodesk Autocad Electrical	From 2024 to 2024.1.5
Autodesk Autocad Electrical	From 2025 to 2025.1

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Map 3d	From 2022 to 2022.1.5
Autodesk Autocad Map 3d	From 2023 to 2023.1.6
Autodesk Autocad Map 3d	From 2024 to 2024.1.5
Autodesk Autocad Map 3d	From 2025 to 2025.1

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mechanical	From 2022 to 2022.1.5
Autodesk Autocad Mechanical	From 2023 to 2023.1.6
Autodesk Autocad Mechanical	From 2024 to 2024.1.5
Autodesk Autocad Mechanical	From 2025 to 2025.1

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mep	From 2022 to 2022.1.5
Autodesk Autocad Mep	From 2023 to 2023.1.6
Autodesk Autocad Mep	From 2024 to 2024.1.5
Autodesk Autocad Mep	From 2025 to 2025.1

Configuration G

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Plant 3d	From 2022 to 2022.1.5
Autodesk Autocad Plant 3d	From 2023 to 2023.1.6
Autodesk Autocad Plant 3d	From 2024 to 2024.1.5
Autodesk Autocad Plant 3d	From 2025 to 2025.1

Configuration H

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Civil 3d	From 2022 to 2022.1.5
Autodesk Civil 3d	From 2023 to 2023.1.6
Autodesk Civil 3d	From 2024 to 2024.1.5
Autodesk Civil 3d	From 2025 to 2025.1

Configuration I

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	From 2022 to 2022.1.5
Autodesk Advance Steel	From 2023 to 2023.1.6
Autodesk Advance Steel	From 2024 to 2024.1.5
Autodesk Advance Steel	From 2025 to 2025.1

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.