CVE-2024-8587

Published: Oct 29, 2024Modified: Dec 16, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Affected (8)

Products: Autodesk: Advance Steel, Autocad, Autocad Architecture, Autocad Electrical, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d

8 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	Version 2025
Autodesk Autocad	Version 2025
Autodesk Autocad Architecture	Version 2025
Autodesk Autocad Electrical	Version 2025
Autodesk Autocad Mechanical	Version 2025
Autodesk Autocad Mep	Version 2025
Autodesk Autocad Plant 3d	Version 2025
Autodesk Civil 3d	Version 2025

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019

Source: psirt@autodesk.com

Vendor Advisory

Timeline

No history available yet.