CVE-2024-23130

Severity CVSS v4.0:
Pending analysis
Type:
CWE-119 Buffer Errors
Publication date:
22/02/2024
Last modified:
11/04/2025

Description

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2021 (including) 2021.1.4 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2022 (including) 2022.1.4 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2023 (including) 2023.1.5 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2024 (including) 2024.1.3 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2025 (including) 2025.0.1 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2021 (including) 2021.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2022 (including) 2022.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2023 (including) 2023.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2024 (including) 2024.1.3 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2025 (including) 2025.0.1 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2021 (including) 2021.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2022 (including) 2022.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2023 (including) 2023.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2024 (including) 2024.1.3 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2025 (including) 2025.0.1 (excluding)