CVE-2024-23143

2024-06-2502:15:11

CWE-787

CWE-125

[email protected]

web.nvd.nist.gov

vulnerability

remote code execution

autodesk applications

3dm files

model files

x_b files

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.7%

JSON

A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Autodesk applications",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024"
      }
    ]
  }
]