CVE-2024-7991
Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Un archivo DWG creado con fines malintencionados, cuando se analiza a través de Autodesk AutoCAD y ciertos productos basados en AutoCAD, puede forzar una escritura fuera de los límites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar código arbitrario en el contexto del proceso actual.
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-08-19 CVE Reserved
- 2024-10-29 CVE Published
- 2025-03-30 EPSS Updated
- 2025-04-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
- CAPEC-100: Overflow Buffers
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Autodesk Search vendor "Autodesk" | Advance Steel Search vendor "Autodesk" for product "Advance Steel" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Search vendor "Autodesk" for product "Autocad" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Advance Steel Search vendor "Autodesk" for product "Autocad Advance Steel" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Architecture Search vendor "Autodesk" for product "Autocad Architecture" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Civil 3d Search vendor "Autodesk" for product "Autocad Civil 3d" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Electrical Search vendor "Autodesk" for product "Autocad Electrical" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Lt Search vendor "Autodesk" for product "Autocad Lt" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Mechanical Search vendor "Autodesk" for product "Autocad Mechanical" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Mep Search vendor "Autodesk" for product "Autocad Mep" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Autocad Plant 3d Search vendor "Autodesk" for product "Autocad Plant 3d" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Dwg Trueview Search vendor "Autodesk" for product "Dwg Trueview" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Infrastructure Parts Editor Search vendor "Autodesk" for product "Infrastructure Parts Editor" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Inventor Search vendor "Autodesk" for product "Inventor" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Navisworks Search vendor "Autodesk" for product "Navisworks" | * | - |
Affected
| ||||||
| Autodesk Search vendor "Autodesk" | Revit Search vendor "Autodesk" for product "Revit" | * | - |
Affected
| ||||||