CVE-2024-7675 — Use After Free in Navisworks Freedom

CWE-416 — Use After Free3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 49.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Navisworks Freedom Autodesk Navisworks Manage Autodesk Navisworks Simulate +1 more

Timeline

PublishedSep 30

Description

A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5autodesk/navisworks_freedom4 versions+3

▶NVDautodesk/navisworks2025, 2025.1, 2025.2+2

▶CVEListV5autodesk/navisworks_manage4 versions+3

▶CVEListV5autodesk/navisworks_simulate4 versions+3

🔴Vulnerability Details

CVEList

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software↗2024-09-30

▶

GHSA

GHSA-h5x9-4j34-4q7p: A maliciously crafted DWF file, when parsed in w3dtk↗2024-09-30

▶