CVE-2023-41139

HIGH

Autodesk AutoCAD <2024 - Code Injection

Title source: llm

Description

A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

References (1)

[Vendor Advisory] https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 17.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-822

Status published

Products (12)

autodesk/autocad < 2024.1

autodesk/autocad 2023.0.0 - 2023.1.4

autodesk/autocad_advance_steel < 2023.1.4

autodesk/autocad_architecture < 2023.1.4

autodesk/autocad_civil_3d < 2023.1.4

autodesk/autocad_electrical < 2023.1.4

autodesk/autocad_lt < 2023.1.4

autodesk/autocad_lt < 2024.1

autodesk/autocad_map_3d < 2023.1.4

autodesk/autocad_mechanical < 2023.1.4

... and 2 more

Published Nov 23, 2023

Tracked Since Feb 18, 2026