CVE-2024-1847 Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...

CVE-2024-1847

The CVE-2024-1847 entry concerns Dassault Systèmes eDrawings (SOLIDWORKS eDrawings Viewer). The connected documents corroborate that multiple out-of-bounds, heap/stack overflows, use-after-free, type confusion and memory corruption issues exist in the file-reading path for eDrawings across SOLIDW...

eDrawings Security Vulnerability

SOLIDWORKS eDrawings is a SOLIDWORKS application for viewing and sharing CAD models by SolidWorks. A security vulnerability exists in eDrawings that originates from a buffer overflow, memory corruption, out-of-bounds read, out-of-bounds write, type obfuscation, uninitialized variable, and...

CVE-2024-23135

A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...

CVE-2024-23137

A maliciously crafted STP or SLDPRT file, when parsed in ODXSWDLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...

CVE-2024-23127

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSWDLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the...

CVE-2024-23125

A maliciously crafted SLDPRT file when parsed ODXSWDLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

PT-2024-19678

Name of the Vulnerable Software and Affected Versions Autodesk AutoCAD affected versions not specified Description A maliciously crafted MODEL 3DM, STP, or SLDASM file, when parsed through Autodesk applications using opennurbs.dll, can lead to a memory corruption issue by write access violation...

CVE-2023-2763

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while...

CVE-2023-2763

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while...

CVE-2023-2762

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file...

Heap overflow

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while...

Design/Logic Flaw

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file...

CVE-2023-2763

SOLIDWORKS Desktop (Release SOLIDWORKS 2021–2023) is affected in its DWG/DXF file reading procedure. The root cause is Use-After-Free, out-of-bounds write, and heap-based buffer overflow when parsing crafted DWG/DXF files, potentially allowing arbitrary code execution upon opening such files. Som...

CVE-2023-2763 Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while...

CVE-2023-2763 Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while...

CVE-2023-2762 Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file...

CVE-2023-2762

Summary of CVE-2023-2762 (SOLIDWORKS Desktop) A Use-After-Free vulnerability exists in the SLDPRT file reading procedure affecting SOLIDWORKS Desktop from release 2021 through 2023. The underlying issue occurs during parsing of SLDPRT files and could allow an attacker to execute arbitrary code wh...

CVE-2023-2762 Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file...

Dassault Systèmes SolidWorks DXF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...