Lucene search

AutodeskCVE-2024-23142

HistoryJun 25, 2024 - 2:15 a.m.

CVE-2024-23142

2024-06-2502:15:11

CWE-416

autodesk

web.nvd.nist.gov

autodesk

use-after-free

code execution

catpart

stp

model

atf_dwg_consumer.dll

rose_x64_vc15.dll

libodxdll

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Autodesk applications",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

Related for CVE-2024-23142