CVE-2024-0446

Published: Feb 21, 2024

Modified: Aug 26, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Vendor	Product	Versions
Autodesk	AutoCAD	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Architecture	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Electrical	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Mechanical	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD MEP	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Plant 3D	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	Civil 3D	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	Advance Steel	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD MAP 3D	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`