Autodesk Revit Vulnerability Could Lead to Memory Leak or Crash
CVE-2024-11268
5.5 MEDIUM
Summary
A vulnerability exists in Autodesk Revit that can be exploited through carefully crafted PDF files. When a user interacts with a malicious PDF, parsing it triggers an Out-of-Bounds Read condition. An attacker can use this flaw to potentially crash the Revit application or to leak arbitrary memory information. Take proper precautions when handling PDF files in Revit to mitigate the risk associated with this vulnerability.
Affected Version(s)
Revit 2025 < 2025.4
Revit 2024 < 2024.3.1
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved