Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
CVE-2023-2763
7.8 HIGH
What is CVE-2023-2763?
A set of vulnerabilities in the file reading procedure of SOLIDWORKS Desktop can allow an attacker to execute arbitrary code when a user opens a specially crafted DWG or DXF file. The issues are memory-safety flaws in how these files are parsed: a use-after-free, an out-of-bounds write, and a heap-based buffer overflow. To mitigate these vulnerabilities, users should ensure they are using the latest version of SOLIDWORKS and stay informed about security updates.
Affected Version(s)
SOLIDWORKS Desktop Release SOLIDWORKS 2021 Golden
SOLIDWORKS Desktop Release SOLIDWORKS 2022 Golden
SOLIDWORKS Desktop Release SOLIDWORKS 2023 Golden
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mat Powell from Trend Micro's Zero Day Initiative