Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability
CVE-2024-8587

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Autocad; Autocad Architecture; Autocad Electrical; Autocad Map 3d
Vendor: CVE Published:; 29 October 2024

What is CVE-2024-8587?

A vulnerability exists in Autodesk AutoCAD that is exploited through parsing of a specially crafted SLDPRT file via the odxsw_dll.dll component. This vulnerability can lead to a Heap Based Buffer Overflow, potentially allowing an attacker to disrupt the application's normal operations, leading to crashes, unauthorized access to sensitive information, or execution of arbitrary code within the context of the process running AutoCAD. Users are advised to review the advisory from Autodesk to mitigate risks associated with this vulnerability.

Affected Version(s)

Advance Steel 2025 < 2025.1.1

Advance Steel 2024 < 2024.1.7

Advance Steel 2023 < 2023.1.7

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2024