CRITICAL🇵🇱 Wersja polska

CVE-2023-29076

CVSS 9.8v3.1pub. 2023-11-23upd. 2024-11-21

A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

🤖 AI Analysis
How it works

During parsing of a maliciously crafted file in one of the supported formats (MODEL, SLDASM, SAT, CATPART), improper memory management occurs (CWE-119 — buffer overflow/memory corruption). The flaw causes corruption of the process memory structure, which in combination with other vulnerabilities can be exploited to execute arbitrary code in the context of the current application process. The attack requires no authentication or system-side interaction beyond the user opening the file.

Impact

An attacker can trigger arbitrary code execution (RCE) in the context of the AutoCAD process, potentially resulting in system compromise, data theft, or malware installation.

Mitigation & patch

Apply patches available from the vendor according to references (https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018). Users should avoid opening MODEL, SLDASM, SAT, and CATPART files from untrusted sources until updates are installed.

Who is affected

Autodesk AutoCAD 2023 and 2024, and Autodesk AutoCAD Advance Steel (versions indicated in vendor references)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Autodesk Autocad

    APP
    Autodesk
    < 2024.12023.0.0 – 2023.1.4 (bez)2024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Advance Steel

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Architecture

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Civil 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Electrical

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Lt

    APP
    Autodesk
    < 2023.1.4< 2024.12024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Map 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Mechanical

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Mep

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Plant 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-29075CRITICAL9.8PL ✓ten sam produkt

Out-Of-Bounds Write w Autodesk AutoCAD przy parsowaniu pliku PRT

CVE-2023-29073CRITICAL9.8PL ✓ten sam produkt

Heap-Based Buffer Overflow w Autodesk AutoCAD przy parsowaniu pliku MODEL

CVE-2023-29074CRITICAL9.8PL ✓ten sam produkt

Autodesk AutoCAD: Out-Of-Bounds Write przy parsowaniu pliku CATPART

CVE-2026-0874HIGH7.8ten sam produkt

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds ...

CVE-2026-0875HIGH7.8ten sam produkt

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Wr...