CVE-2023-7298

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 54.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk FBX Software Development KIT Autodesk Autodesk FBX SDK

Timeline

PublishedDec 9

Description

A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

▶NVDautodesk/fbx_software_development_kit< 2020.3.5

▶CVEListV5autodesk/autodesk_fbx_sdk2020.3.4

🔴Vulnerability Details

CVEList

Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software↗2024-12-09

▶

GHSA

GHSA-fqp5-36cq-qjxw: A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability↗2024-12-09

▶