Heap-Based Overflow in Autodesk Navisworks from Malicious DWFX Files
CVE-2024-12179

7.8HIGH

Key Information:

Vendor

Autodesk
Status
Navisworks Freedom
Navisworks Simulate
Navisworks Manage
Vendor
CVE Published:
17 December 2024

What is CVE-2024-12179?

CVE-2024-12179 describes a critical heap-based overflow vulnerability within Autodesk Navisworks, triggered by the processing of specially crafted DWFX files. Malicious actors can exploit this weakness to potentially crash the application, gain unauthorized access to sensitive data, or execute arbitrary code within the process. Ensuring your software is updated and secure can help mitigate the risks associated with this vulnerability. For more details, please refer to Autodesk's security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Navisworks Freedom 2025 < 2025.4

Navisworks Manage 2025 < 2025.4

Navisworks Simulate 2025 < 2025.4

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.