CVE-2024-37003

Published: Jun 25, 2024Modified: Nov 13, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@autodesk.com (Secondary)

Description

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Affected (36)

Products: Autodesk: Autocad, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d, Advance Steel

9 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	From 2022 to 2022.1.5
Autodesk Autocad	From 2023 to 2023.1.6
Autodesk Autocad	From 2024 to 2024.1.4
Autodesk Autocad	From 2025 to 2025.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Architecture	From 2022 to 2022.1.5
Autodesk Autocad Architecture	From 2023 to 2023.1.6
Autodesk Autocad Architecture	From 2024 to 2024.1.4
Autodesk Autocad Architecture	From 2025 to 2025.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Electrical	From 2022 to 2022.1.5
Autodesk Autocad Electrical	From 2023 to 2023.1.6
Autodesk Autocad Electrical	From 2024 to 2024.1.4
Autodesk Autocad Electrical	From 2025 to 2025.1

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Map 3d	From 2022 to 2022.1.5
Autodesk Autocad Map 3d	From 2023 to 2023.1.6
Autodesk Autocad Map 3d	From 2024 to 2024.1.4
Autodesk Autocad Map 3d	From 2025 to 2025.1

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mechanical	From 2022 to 2022.1.5
Autodesk Autocad Mechanical	From 2023 to 2023.1.6
Autodesk Autocad Mechanical	From 2024 to 2024.1.4
Autodesk Autocad Mechanical	From 2025 to 2025.1

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Mep	From 2022 to 2022.1.5
Autodesk Autocad Mep	From 2023 to 2023.1.6
Autodesk Autocad Mep	From 2024 to 2024.1.4
Autodesk Autocad Mep	From 2025 to 2025.1

Configuration G

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad Plant 3d	From 2022 to 2022.1.5
Autodesk Autocad Plant 3d	From 2023 to 2023.1.6
Autodesk Autocad Plant 3d	From 2024 to 2024.1.4
Autodesk Autocad Plant 3d	From 2025 to 2025.1

Configuration H

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Civil 3d	From 2022 to 2022.1.5
Autodesk Civil 3d	From 2023 to 2023.1.6
Autodesk Civil 3d	From 2024 to 2024.1.4
Autodesk Civil 3d	From 2025 to 2025.1

Configuration I

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	From 2022 to 2022.1.5
Autodesk Advance Steel	From 2023 to 2023.1.6
Autodesk Advance Steel	From 2024 to 2024.1.4
Autodesk Advance Steel	From 2025 to 2025.1

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.