CVE-2024-1848
Multiple vulnerabilities exist in file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024
Public Exploits: 0
Exploited in Wild: -
Descriptions
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.
These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
SSVC
- Decision: Track*
Timeline
- 2024-02-23 CVE Reserved
- 2024-03-22 CVE Published
- 2024-03-23 EPSS Updated
- 2024-09-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-125: Out-of-bounds Read
- CWE-416: Use After Free
- CWE-457: Use of Uninitialized Variable
- CWE-787: Out-of-bounds Write
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
- CWE-908: Use of Uninitialized Resource