A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Apr 2023, 16:03
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Autodesk autocad Mep
Autodesk autocad Plant 3d Autodesk autocad Map 3d Autodesk autocad Mechanical Autodesk autocad Lt Autodesk autocad Autodesk autocad Architecture Autodesk autocad Advance Steel Autodesk Autodesk autocad Electrical Autodesk autocad Civil 3d |
|
| References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005 - Vendor Advisory | |
| CPE | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* |
|
| CWE | CWE-787 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
14 Apr 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-14 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-27914
Mitre link : CVE-2023-27914
CVE.ORG link : CVE-2023-27914
JSON object : View
Products Affected
autodesk
- autocad_map_3d
- autocad_electrical
- autocad_mep
- autocad_architecture
- autocad_advance_steel
- autocad_mechanical
- autocad
- autocad_plant_3d
- autocad_lt
- autocad_civil_3d
CWE
CWE-787
Out-of-bounds Write