CVE-2024-23152

2024-06-2503:25:46

CWE-125

autodesk

github.com

3dm file

opennurbs.dll

autodesk

out-of-bounds read vulnerability

sensitive data

arbitrary code

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CNA Affected

[
  {
    "vendor": "Autodesk",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "versions": [
      {
        "status": "affected",
        "version": "2024"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010