CVE-2024-23148: A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Affected

36 ranges· showing 25

Vendor	Product	Version range	Fixed in
autodesk	advance_steel	>= 2022 < 2022.1.5	2022.1.5
autodesk	advance_steel	>= 2023 < 2023.1.6	2023.1.6
autodesk	advance_steel	>= 2024 < 2024.1.4	2024.1.4
autodesk	advance_steel	>= 2025 < 2025.1	2025.1
autodesk	autocad	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad	>= 2024 < 2024.1.4	2024.1.4
autodesk	autocad	>= 2025 < 2025.1	2025.1
autodesk	autocad_architecture	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_architecture	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_architecture	>= 2024 < 2024.1.4	2024.1.4
autodesk	autocad_architecture	>= 2025 < 2025.1	2025.1
autodesk	autocad_electrical	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_electrical	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_electrical	>= 2024 < 2024.1.4	2024.1.4
autodesk	autocad_electrical	>= 2025 < 2025.1	2025.1
autodesk	autocad_map_3d	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_map_3d	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_map_3d	>= 2024 < 2024.1.4	2024.1.4
autodesk	autocad_map_3d	>= 2025 < 2025.1	2025.1
autodesk	autocad_mechanical	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_mechanical	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_mechanical	>= 2024 < 2024.1.4	2024.1.4
autodesk	autocad_mechanical	>= 2025 < 2025.1	2025.1
autodesk	autocad_mep	>= 2022 < 2022.1.5	2022.1.5