CVE-2024-8896Use of Uninitialized Resource in Advance Steel

CWE-908Use of Uninitialized Resource3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 36.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Autodesk Advance SteelAutodesk AutocadAutodesk Autocad Architecture+11 more
Timeline
PublishedOct 29
Latest updateOct 30

Description

A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages22 packages

CVEListV5autodesk/autocad20252025.1.1+3
NVDautodesk/autocad20252025.1.1
CVEListV5autodesk/autocad_lt20252025.1.1+3
NVDautodesk/autocad_lt20252025.1.1
CVEListV5autodesk/autocad_mep20252025.1.1+3

🔴Vulnerability Details

2
GHSA
GHSA-4qxh-72x2-v8fc: A maliciously crafted DXF file when parsed in acdb252024-10-30
CVEList
Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability2024-10-29
CVE-2024-8896 — Use of Uninitialized Resource | cvebase