Lucene search

AutodeskCVE-2024-23141

HistoryJun 25, 2024 - 2:15 a.m.

CVE-2024-23141

2024-06-2502:15:11

CWE-415

autodesk

web.nvd.nist.gov

malicious file

libodxdll

autodesk applications

code execution

vulnerability

double free

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON

A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Autodesk applications",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON

Related for CVE-2024-23141