Lucene search

[email protected]CVE-2023-41139

HistoryNov 23, 2023 - 4:15 a.m.

CVE-2023-41139

2023-11-2304:15:07

CWE-822

CWE-119

[email protected]

web.nvd.nist.gov

autocad

stp file

vulnerability

code execution

cve-2023-41139

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

16.1%

JSON

A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Affected configurations

NVD

Node

autodeskautocadRange<2024.1macos

autodeskautocadRange2023.0.0–2023.1.4

autodeskautocadRange2024.0.0–2024.1.1

autodeskautocad_advance_steelRange<2023.1.4

autodeskautocad_advance_steelRange2024.0.0–2024.1.1

autodeskautocad_architectureRange<2023.1.4

autodeskautocad_architectureRange2024.0.0–2024.1.1

autodeskautocad_civil_3dRange<2023.1.4

autodeskautocad_civil_3dRange2024.0.0–2024.1.1

autodeskautocad_electricalRange<2023.1.4

autodeskautocad_electricalRange2024.0.0–2024.1.1

autodeskautocad_ltRange<2023.1.4

autodeskautocad_ltRange<2024.1macos

autodeskautocad_ltRange2024.0.0–2024.1.1

autodeskautocad_map_3dRange<2023.1.4

autodeskautocad_map_3dRange2024.0.0–2024.1.1

autodeskautocad_mechanicalRange<2023.1.4

autodeskautocad_mechanicalRange2024.0.0–2024.1.1

autodeskautocad_mepRange<2023.1.4

autodeskautocad_mepRange2024.0.0–2024.1.1

autodeskautocad_plant_3dRange<2023.1.4

autodeskautocad_plant_3dRange2024.0.0–2024.1.1

CPENameOperatorVersion
autodesk:autocadautodesk autocadlt2024.1
autodesk:autocadautodesk autocadlt2023.1.4
autodesk:autocadautodesk autocadlt2024.1.1
autodesk:autocad_advance_steelautodesk autocad advance steellt2023.1.4
autodesk:autocad_advance_steelautodesk autocad advance steellt2024.1.1
autodesk:autocad_architectureautodesk autocad architecturelt2023.1.4
autodesk:autocad_architectureautodesk autocad architecturelt2024.1.1
autodesk:autocad_civil_3dautodesk autocad civil 3dlt2023.1.4
autodesk:autocad_civil_3dautodesk autocad civil 3dlt2024.1.1
autodesk:autocad_electricalautodesk autocad electricallt2023.1.4

CPE	Name	Operator	Version
autodesk:autocad	autodesk autocad	lt	2024.1
autodesk:autocad	autodesk autocad	lt	2023.1.4
autodesk:autocad	autodesk autocad	lt	2024.1.1
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2023.1.4
autodesk:autocad_advance_steel	autodesk autocad advance steel	lt	2024.1.1
autodesk:autocad_architecture	autodesk autocad architecture	lt	2023.1.4
autodesk:autocad_architecture	autodesk autocad architecture	lt	2024.1.1
autodesk:autocad_civil_3d	autodesk autocad civil 3d	lt	2023.1.4
autodesk:autocad_civil_3d	autodesk autocad civil 3d	lt	2024.1.1
autodesk:autocad_electrical	autodesk autocad electrical	lt	2023.1.4

Rows per page:

1-10 of 221

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024, 2023"
      }
    ]
  }
]