CVE-2024-23140
Published: Jun 25, 2024
Modified: Aug 26, 2025
CVSS v3.1
7.8
Description
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
| Vendor | Product | Versions |
|---|---|---|
Autodesk | AutoCAD | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Architecture | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Electrical | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Mechanical | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD MEP | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Plant 3D | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | Civil 3D | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | Advance Steel | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD MAP 3D | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now