Autodesk Civil 3D vulnerabilities

CVE-2024-8593 [HIGH] CWE-787 CVE-2024-8593: A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may for A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-7991 [HIGH] CWE-787 CVE-2024-7991: A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based produ A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-8596 [HIGH] CWE-787 CVE-2024-8596: A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force a A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-8592 [HIGH] CWE-120 CVE-2024-8592: A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can for A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-8597 [HIGH] CWE-119 CVE-2024-8597: A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-8896 [HIGH] CWE-908 CVE-2024-8896: A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to acces A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-8598 [HIGH] CWE-119 CVE-2024-8598: A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-8595 [HIGH] CWE-416 CVE-2024-8595: A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a U A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-7305 [HIGH] CWE-787 CVE-2024-7305: A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an O A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-37007 [HIGH] CWE-416 CVE-2024-37007: A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, c A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVE-2024-36999 [HIGH] CWE-125 CVE-2024-36999: A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can forc A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-23147 [HIGH] CWE-787 CVE-2024-23147: A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll thro A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

CVE-2024-23155 [HIGH] CWE-122 CVE-2024-23155: A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVE-2024-23157 [HIGH] CWE-787 CVE-2024-23157: A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applicati A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CVE-2024-23150 [HIGH] CWE-787 CVE-2024-23150: A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-23158 [HIGH] CWE-416 CVE-2024-23158: A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVE-2024-37000 [HIGH] CWE-787 CVE-2024-37000: A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

CVE-2024-23142 [HIGH] CWE-416 CVE-2024-23142: A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CVE-2024-23141 [HIGH] CWE-415 CVE-2024-23141: A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CVE-2024-23146 [HIGH] CWE-787 CVE-2024-23146: A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.