Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-23151

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-25 Jun, 2024 | 03:24
Updated At-26 Aug, 2025 | 20:45
Rejected At-
Credits

Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:25 Jun, 2024 | 03:24
Updated At:26 Aug, 2025 | 20:45
Rejected At:
▼CVE Numbering Authority (CNA)
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Affected Products
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD
CPEs
  • cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Architecture
CPEs
  • cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Electrical
CPEs
  • cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Mechanical
CPEs
  • cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD MEP
CPEs
  • cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Plant 3D
CPEs
  • cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
Civil 3D
CPEs
  • cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
Advance Steel
CPEs
  • cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD MAP 3D
CPEs
  • cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.5 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
N/A
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Autodesk Inc.autodesk
Product
autocad
CPEs
  • cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2024 before 2024.1.5 (custom)
Vendor
Autodesk Inc.autodesk
Product
advance_steel
CPEs
  • cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2024 before 2024.1.5 (custom)
Vendor
Autodesk Inc.autodesk
Product
civil_3d
CPEs
  • cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2024 before 2024.1.5 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:25 Jun, 2024 | 04:15
Updated At:06 May, 2025 | 19:46

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Autodesk Inc.
autodesk
>>autocad>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2024(inclusive) to 2024.1.5(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondarypsirt@autodesk.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: psirt@autodesk.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010psirt@autodesk.com
Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Source: psirt@autodesk.com
Resource:
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2552Records found
CVE-2024-8594
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:09
Updated-26 Aug, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Code Execution Vulnerability

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8587
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.43%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:03
Updated-26 Aug, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_plant_3dadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8599
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:13
Updated-26 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8597
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:12
Updated-26 Aug, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD STEP File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7994
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 21:47
Updated-28 Jan, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-Based Buffer Overflow Vulnerability in Autodesk Revit

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitrevit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7305
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 23:28
Updated-26 Aug, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWF Vulnerability in Autodesk Desktop Software

A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3ddwg_trueviewautocadautocad_map_3dadvance_steelautocad_plant_3dautocad_architectureautocad_mechanicalautocad_mepautocad_electricalautocad_ltAdvance SteelAutoCAD Map 3DAutoCADAutoCAD Plant 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3Dautocadautocad_architectureautocad_mechanicalautocad_civil_3dautocad_electricalautocad_ltdwg_trueviewautocad_mepautocad_plant_3d
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7674
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.73%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 20:30
Updated-26 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulatenavisworks_simulatenavisworks_managenavisworks_freedom
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7671
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 20:28
Updated-26 Aug, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulatenavisworks_simulatenavisworks_managenavisworks_freedom
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7673
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.73%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 20:29
Updated-26 Aug, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulatenavisworks_simulatenavisworks_managenavisworks_freedom
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7993
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 21:47
Updated-26 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-Bounds Write Vulnerability in Autodesk Revit

A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitrevit
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7992
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.59%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:50
Updated-26 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability

A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricaldwg_trueviewautocad_mepautocad_ltautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7672
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 20:29
Updated-26 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulatenavisworks_simulatenavisworks_managenavisworks_freedom
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23127
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.43%
||
7 Day CHG-0.42%
Published-22 Feb, 2024 | 02:59
Updated-28 Aug, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23155
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.24%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:28
Updated-26 Aug, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocad_advance_steel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-36999
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.36%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:33
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37008
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 10:02
Updated-26 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Overflow Vulnerability in Revit Software

A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitRevit LTrevit_lt
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37006
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.18%
||
7 Day CHG-0.28%
Published-25 Jun, 2024 | 03:15
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37001
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.21%
||
7 Day CHG-0.22%
Published-25 Jun, 2024 | 03:03
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41306
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk® Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41310
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42942
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-08 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mepdesign_reviewautocad_mechanicalautocad_electricalautocadautocad_map_3dautocad_civil_3dautocad_plant_3dautocad_architectureautocad_ltautocad_advance_steelAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23139
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 23:58
Updated-26 Aug, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software

A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-fbx_reviewFBX Reviewfbx_review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23150
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG-0.15%
Published-25 Jun, 2024 | 03:17
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23125
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.68%
||
7 Day CHG-0.10%
Published-22 Feb, 2024 | 02:23
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23122
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.10%
||
7 Day CHG-0.57%
Published-22 Feb, 2024 | 01:36
Updated-28 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23124
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.55%
||
7 Day CHG-0.55%
Published-22 Feb, 2024 | 02:14
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23156
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.36%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:30
Updated-26 Aug, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_plant_3d
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23147
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.30%
||
7 Day CHG-0.40%
Published-25 Jun, 2024 | 02:32
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23144
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.34%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 02:10
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23126
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.48%
||
7 Day CHG-0.19%
Published-22 Feb, 2024 | 02:25
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23146
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.30%
||
7 Day CHG-0.40%
Published-25 Jun, 2024 | 02:28
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23120
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.30%
||
7 Day CHG-0.49%
Published-21 Feb, 2024 | 23:36
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architectureautocad_civil_3dautocad_electricalautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23154
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.36%
||
7 Day CHG+0.10%
Published-25 Jun, 2024 | 03:27
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3d
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23143
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.31%
||
7 Day CHG-0.31%
Published-25 Jun, 2024 | 02:05
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23123
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.10%
||
7 Day CHG-0.57%
Published-22 Feb, 2024 | 01:38
Updated-28 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23148
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.34%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 02:42
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23157
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.36%
||
7 Day CHG-0.51%
Published-25 Jun, 2024 | 03:30
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23121
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.67%
||
7 Day CHG-0.66%
Published-22 Feb, 2024 | 01:18
Updated-28 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_map_3dautocad_mechanicalautocad_electricalautocadautocad_mepautocad_architectureautocad_advance_steelautocad_plant_3d
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8593
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:08
Updated-26 Aug, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability

A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37003
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG-0.15%
Published-25 Jun, 2024 | 03:12
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8592
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:39
Updated-26 Aug, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD CATPART File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dwindowsautocadautocad_civil_3dautocad_electricalautocad_architectureautocad_mepAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3D
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27036
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.48%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7991
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.17%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:49
Updated-26 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability

A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricaldwg_trueviewautocad_mepautocad_ltautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27041
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.91%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 12:41
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code

Action-Not Available
Vendor-iconicsn/aMitsubishi Electric CorporationAutodesk Inc.
Product-mc_works64autocad_mechanicaldesign_reviewautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dgenesis64autocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11454
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.25%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 17:48
Updated-28 Aug, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path vulnerability in Autodesk Revit

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitrevit
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-33886
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.38%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_mepAutodesk Maya
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-33881
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.84%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 15:18
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33887
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.09%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:24
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_meputodesk® AutoCAD®, Advance Steel and Civil 3D®
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-27872
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.99%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksNavisworks
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-27873
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.63%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 15:17
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fusion_360Fusion360
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 51
  • 52
  • Next
Details not found