CVE-2024-23157

Published: Jun 25, 2024Modified: Jan 22, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@autodesk.com (Secondary)

Description

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Affected (36)

Products: Autodesk: Autocad, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d, Advance Steel

9 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	From 2022 to 2022.1.5
Autodesk Autocad	From 2023 to 2023.1.6
Autodesk Autocad	From 2024 to 2024.1.5
Autodesk Autocad	From 2025 to 2025.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Architecture	From 2022 to 2022.1.5
Autodesk Autocad Architecture	From 2023 to 2023.1.6
Autodesk Autocad Architecture	From 2024 to 2024.1.5
Autodesk Autocad Architecture	From 2025 to 2025.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Electrical	From 2022 to 2022.1.5
Autodesk Autocad Electrical	From 2023 to 2023.1.6
Autodesk Autocad Electrical	From 2024 to 2024.1.5
Autodesk Autocad Electrical	From 2025 to 2025.1

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Map 3d	From 2022 to 2022.1.5
Autodesk Autocad Map 3d	From 2023 to 2023.1.6
Autodesk Autocad Map 3d	From 2024 to 2024.1.5
Autodesk Autocad Map 3d	From 2025 to 2025.1

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mechanical	From 2022 to 2022.1.5
Autodesk Autocad Mechanical	From 2023 to 2023.1.6
Autodesk Autocad Mechanical	From 2024 to 2024.1.5
Autodesk Autocad Mechanical	From 2025 to 2025.1

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mep	From 2022 to 2022.1.5
Autodesk Autocad Mep	From 2023 to 2023.1.6
Autodesk Autocad Mep	From 2024 to 2024.1.5
Autodesk Autocad Mep	From 2025 to 2025.1

Configuration G

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Plant 3d	From 2022 to 2022.1.5
Autodesk Autocad Plant 3d	From 2023 to 2023.1.6
Autodesk Autocad Plant 3d	From 2024 to 2024.1.5
Autodesk Autocad Plant 3d	From 2025 to 2025.1

Configuration H

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Civil 3d	From 2022 to 2022.1.5
Autodesk Civil 3d	From 2023 to 2023.1.6
Autodesk Civil 3d	From 2024 to 2024.1.5
Autodesk Civil 3d	From 2025 to 2025.1

Configuration I

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	From 2022 to 2022.1.5
Autodesk Advance Steel	From 2023 to 2023.1.6
Autodesk Advance Steel	From 2024 to 2024.1.5
Autodesk Advance Steel	From 2025 to 2025.1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.