A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Nov 2024, 16:27
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021 - Vendor Advisory | |
| First Time |
Autodesk dwg Trueview
Autodesk autocad Electrical Autodesk autocad Mep Autodesk autocad Lt Autodesk Autodesk autocad Advance Steel Autodesk autocad Plant 3d Autodesk autocad Autodesk autocad Civil 3d Autodesk autocad Mechanical Autodesk autocad Architecture |
|
| CPE | cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-908 |
29 Oct 2024, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-10-29 22:15
Updated : 2024-11-01 16:27
NVD link : CVE-2024-8896
Mitre link : CVE-2024-8896
JSON object : View
Products Affected
autodesk
- autocad_mechanical
- autocad
- autocad_electrical
- autocad_plant_3d
- autocad_mep
- autocad_advance_steel
- dwg_trueview
- autocad_civil_3d
- autocad_architecture
- autocad_lt
CWE
CWE-908
Use of Uninitialized Resource