Heap-Based Overflow in Autodesk Navisworks from Malicious DWFX Files
CVE-2024-12179

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Navisworks Freedom; Navisworks Simulate; Navisworks Manage
Vendor: CVE Published:; 17 December 2024

What is CVE-2024-12179?

CVE-2024-12179 describes a critical heap-based overflow vulnerability within Autodesk Navisworks, triggered by the processing of specially crafted DWFX files. Malicious actors can exploit this weakness to potentially crash the application, gain unauthorized access to sensitive data, or execute arbitrary code within the process. Ensuring your software is updated and secure can help mitigate the risks associated with this vulnerability. For more details, please refer to Autodesk's security advisory.

Affected Version(s)

Navisworks Freedom 2025 < 2025.4

Navisworks Manage 2025 < 2025.4

Navisworks Simulate 2025 < 2025.4

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2024
Vulnerability Reserved
Dec 4, 2024