CVE-2024-23138

A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006	Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:autocad::::::-::*
	cpe:2.3:a:autodesk:autocad::::::-::*
	cpe:2.3:a:autodesk:autocad::::::macos::*
	cpe:2.3:a:autodesk:autocad::::::-::*
	cpe:2.3:a:autodesk:autocad::::::macos::*
	cpe:2.3:a:autodesk:autocad::::::macos::*
	cpe:2.3:a:autodesk:autocad::::::-::*
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::-::*
	cpe:2.3:a:autodesk:autocad_lt::::::-::*
	cpe:2.3:a:autodesk:autocad_lt::::::macos::*
	cpe:2.3:a:autodesk:autocad_lt::::::-::*
	cpe:2.3:a:autodesk:autocad_lt::::::macos::*
	cpe:2.3:a:autodesk:autocad_lt::::::macos::*
	cpe:2.3:a:autodesk:autocad_lt::::::-::*
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:dwg_trueview::::::::
	cpe:2.3:a:autodesk:dwg_trueview::::::::
	cpe:2.3:a:autodesk:dwg_trueview::::::::

History

No history.

Information

Published : 2024-03-18 00:15

Updated : 2025-08-26 21:15

NVD link : CVE-2024-23138

Mitre link : CVE-2024-23138

CVE.ORG link : CVE-2024-23138

JSON object : View

Products Affected

autodesk

autocad_electrical
autocad_map_3d
dwg_trueview
autocad
autocad_mep
autocad_mechanical
autocad_plant_3d
autocad_architecture
advance_steel
autocad_lt
civil_3d

CWE

CWE-121

Stack-based Buffer Overflow

7.8 /10