CVE-2024-23146

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
25/06/2024
Last modified:
06/05/2025

Description

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2025 (including) 2025.1 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2025 (including) 2025.1 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2025 (including) 2025.1 (excluding)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)