Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7305

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-19 Aug, 2024 | 23:28
Updated At-26 Aug, 2025 | 19:57
Rejected At-
Credits

DWF Vulnerability in Autodesk Desktop Software

A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:19 Aug, 2024 | 23:28
Updated At:26 Aug, 2025 | 19:57
Rejected At:
▼CVE Numbering Authority (CNA)
DWF Vulnerability in Autodesk Desktop Software

A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Affected Products
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Architecture
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Electrical
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Mechanical
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD MEP
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Plant 3D
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
Civil 3D
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
Advance Steel
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD LT
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Vendor
Autodesk Inc.Autodesk
Product
DWG TrueView
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Map 3D
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.6 (custom)
  • From 2023 before 2023.1.7 (custom)
  • From 2022 before 2022.1.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014
N/A
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Autodesk Inc.autodesk
Product
autocad_mep
CPEs
  • cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
autocad_plant_3d
CPEs
  • cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
autocad
CPEs
  • cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
autocad_architecture
CPEs
  • cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
autocad_electrical
CPEs
  • cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
autocad_mechanical
CPEs
  • cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
autocad_civil_3d
CPEs
  • cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
autocad_lt
CPEs
  • cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Vendor
Autodesk Inc.autodesk
Product
dwg_trueview
CPEs
  • cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2025
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:20 Aug, 2024 | 00:15
Updated At:30 Jul, 2025 | 17:26

A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2022(inclusive) to 2022.1.6(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>dwg_trueview>>Versions from 2023(inclusive) to 2023.1.7(exclusive)
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>dwg_trueview>>Versions from 2024(inclusive) to 2024.1.6(exclusive)
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>dwg_trueview>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondarypsirt@autodesk.com
CWE ID: CWE-787
Type: Secondary
Source: psirt@autodesk.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014psirt@autodesk.com
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014
Source: psirt@autodesk.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found