Malicious DWF File Can Trigger Heap-Based Buffer Overflow in Autodesk Navisworks
CVE-2024-7674

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Navisworks Freedom; Navisworks Simulate; Navisworks Manage
Vendor: CVE Published:; 30 September 2024

What is CVE-2024-7674?

A vulnerability exists in Autodesk Navisworks related to the processing of maliciously crafted DWF files through the dwfcore.dll module. An attacker can exploit this vulnerability to trigger a heap-based buffer overflow, which may lead to application crashes or the execution of arbitrary code within the affected process context. Proper input validation and strict handling of DWF files are essential to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Navisworks Freedom 2025 < 2025.3

Navisworks Freedom 2024 < 2024.3

Navisworks Freedom 2023 < 2023.5

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2024