CVE-2023-41139

HIGH

Autodesk AutoCAD <2024 - Code Injection

Title source: llm

Description

A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

References (1)

Core 1

Core References

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 16.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-822

Status published

Products (12)

autodesk/autocad < 2024.1

autodesk/autocad 2023.0.0 - 2023.1.4

autodesk/autocad_advance_steel < 2023.1.4

autodesk/autocad_architecture < 2023.1.4

autodesk/autocad_civil_3d < 2023.1.4

autodesk/autocad_electrical < 2023.1.4

autodesk/autocad_lt < 2023.1.4

autodesk/autocad_lt < 2024.1

autodesk/autocad_map_3d < 2023.1.4

autodesk/autocad_mechanical < 2023.1.4

... and 2 more

Published Nov 23, 2023

Tracked Since Feb 18, 2026