CVE-2024-7675

Published: Sep 30, 2024Modified: Jan 29, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Affected (3)

Products: Autodesk: Navisworks

Autodesk

1 product

Navisworks

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Autodesk Navisworks	Version 2025.1
Autodesk Navisworks	Version 2025.2
Autodesk Navisworks	Version 2025

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (1)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015

Source: psirt@autodesk.com

Timeline

No history available yet.