CVE-2024-37008

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGH
EPSS
0.6%
top 31.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Autodesk RevitAutodesk Revit LT
Timeline
PublishedAug 21

Description

A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5autodesk/revit20252025.1+3
CVEListV5autodesk/revit_lt20252025.1+3
NVDautodesk/revit4 versions+3

🔴Vulnerability Details

2
CVEList
Stack-based Overflow Vulnerability in Revit Software2024-08-21
GHSA
GHSA-w57x-f5pm-84r5: A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow2024-08-21
CVE-2024-37008 (HIGH CVSS 7.8) | A maliciously crafted DWG file | cvebase.io