Malicious DWF File Can Trigger Heap-Based Buffer Overflow in Autodesk Navisworks
CVE-2024-7674

7.8HIGH

Key Information:

Vendor
Autodesk
Status
Navisworks Freedom
Navisworks Simulate
Navisworks Manage
Vendor
CVE Published:
30 September 2024

Summary

A vulnerability exists in Autodesk Navisworks related to the processing of maliciously crafted DWF files through the dwfcore.dll module. An attacker can exploit this vulnerability to trigger a heap-based buffer overflow, which may lead to application crashes or the execution of arbitrary code within the affected process context. Proper input validation and strict handling of DWF files are essential to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Navisworks Freedom 2025 < 2025.3

Navisworks Freedom 2024 < 2024.3

Navisworks Freedom 2023 < 2023.5

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-7674 : Malicious DWF File Can Trigger Heap-Based Buffer Overflow in Autodesk Navisworks | SecurityVulnerability.io