5 matches found
CVE-2024-8894 Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10
Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a...
CVE-2024-8894 Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10
Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a...
CVE-2024-7675
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process...
Code injection
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review ADR before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file...
CVE-2014-9268
The CVE-2014-9268 entry concerns Autodesk Design Review’s AdView.AdViewer.1 ActiveX control. Affected component: AdView.AdViewer ActiveX in ADR prior to 2013 Hotfix 1. Root cause: improper parsing of DWF files enables an unauthenticated, remote attacker to execute arbitrary code. Impact: remote c...