CVE-2024-23128

Published: Feb 22, 2024

Modified: Aug 28, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Vendor	Product	Versions
Autodesk	AutoCAD	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Architecture	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Electrical	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Mechanical	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD MEP	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD Plant 3D	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	Civil 3D	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	Advance Steel	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`
Autodesk	AutoCAD MAP 3D	affected `2025 - < 2025.0.1` affected `2024 - < 2024.1.3` affected `2023 - < 2023.1.5` affected `2022 - < 2022.1.4` affected `2021 - < 2021.1.4`