CVE-2024-7674: A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
autodesk	navisworks	—	—
autodesk	navisworks	—	—
autodesk	navisworks	—	—
autodesk	navisworks_freedom	>= 2022 < 2022.6	2022.6
autodesk	navisworks_freedom	>= 2023 < 2023.5	2023.5
autodesk	navisworks_freedom	>= 2024 < 2024.3	2024.3
autodesk	navisworks_freedom	>= 2025 < 2025.3	2025.3
autodesk	navisworks_manage	>= 2022 < 2022.6	2022.6
autodesk	navisworks_manage	>= 2023 < 2023.5	2023.5
autodesk	navisworks_manage	>= 2024 < 2024.3	2024.3
autodesk	navisworks_manage	>= 2025 < 2025.3	2025.3
autodesk	navisworks_simulate	>= 2022 < 2022.6	2022.6
autodesk	navisworks_simulate	>= 2023 < 2023.5	2023.5
autodesk	navisworks_simulate	>= 2024 < 2024.3	2024.3
autodesk	navisworks_simulate	>= 2025 < 2025.3	2025.3