A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Apr 2023, 16:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005 - Vendor Advisory | |
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Autodesk autocad Mep
Autodesk autocad Plant 3d Autodesk autocad Map 3d Autodesk autocad Mechanical Autodesk autocad Lt Autodesk autocad Autodesk autocad Architecture Autodesk autocad Advance Steel Autodesk Autodesk autocad Electrical Autodesk autocad Civil 3d |
14 Apr 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-14 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-27912
Mitre link : CVE-2023-27912
CVE.ORG link : CVE-2023-27912
JSON object : View
Products Affected
autodesk
- autocad_plant_3d
- autocad_architecture
- autocad_map_3d
- autocad_mechanical
- autocad_lt
- autocad_electrical
- autocad_advance_steel
- autocad
- autocad_mep
- autocad_civil_3d
CWE
CWE-125
Out-of-bounds Read