CVE-2024-23159

2024-06-2504:15:14

CWE-457

[email protected]

web.nvd.nist.gov

autodesk

stp file

parsing

vulnerability

code execution

7.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.0%

JSON

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010