CVE-2024-23159: A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Affected

36 ranges· showing 25

Vendor	Product	Version range	Fixed in
autodesk	advance_steel	>= 2022 < 2022.1.5	2022.1.5
autodesk	advance_steel	>= 2023 < 2023.1.6	2023.1.6
autodesk	advance_steel	>= 2024 < 2024.1.5	2024.1.5
autodesk	advance_steel	>= 2025 < 2025.1	2025.1
autodesk	autocad	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad	>= 2024 < 2024.1.5	2024.1.5
autodesk	autocad	>= 2025 < 2025.1	2025.1
autodesk	autocad_architecture	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_architecture	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_architecture	>= 2024 < 2024.1.5	2024.1.5
autodesk	autocad_architecture	>= 2025 < 2025.1	2025.1
autodesk	autocad_electrical	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_electrical	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_electrical	>= 2024 < 2024.1.5	2024.1.5
autodesk	autocad_electrical	>= 2025 < 2025.1	2025.1
autodesk	autocad_map_3d	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_map_3d	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_map_3d	>= 2024 < 2024.1.5	2024.1.5
autodesk	autocad_map_3d	>= 2025 < 2025.1	2025.1
autodesk	autocad_mechanical	>= 2022 < 2022.1.5	2022.1.5
autodesk	autocad_mechanical	>= 2023 < 2023.1.6	2023.1.6
autodesk	autocad_mechanical	>= 2024 < 2024.1.5	2024.1.5
autodesk	autocad_mechanical	>= 2025 < 2025.1	2025.1
autodesk	autocad_mep	>= 2022 < 2022.1.5	2022.1.5