Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7359

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-09 Apr, 2019 | 19:22
Updated At-04 Aug, 2024 | 20:46
Rejected At-
Credits

An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:09 Apr, 2019 | 19:22
Updated At:04 Aug, 2024 | 20:46
Rejected At:
▼CVE Numbering Authority (CNA)

An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.

Affected Products
Vendor
Autodesk Inc.Autodesk
Product
Autodesk Advance Steel
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD Architecture
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD Electrical
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD Map 3D
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD Mechanical
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD MEP
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD P&ID
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD Plant 3D
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk AutoCAD LT
Versions
Affected
  • 2018
Vendor
Autodesk Inc.Autodesk
Product
Autodesk Civil 3D
Versions
Affected
  • 2018
Problem Types
TypeCWE IDDescription
textN/AUse After Free
Type: text
CWE ID: N/A
Description: Use After Free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001
x_refsource_MISC
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001
x_refsource_MISC
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:09 Apr, 2019 | 20:30
Updated At:24 Aug, 2020 | 17:37

An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Autodesk Inc.
autodesk
>>advance_steel>>2018
cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2018
cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2018
cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2018
cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2018
cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2018
cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2018
cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2018
cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_p\&id>>2018
cpe:2.3:a:autodesk:autocad_p\&id:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2018
cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>2018
cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001psirt@autodesk.com
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001
Source: psirt@autodesk.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2636Records found
Details not found