CVE-2024-1847

HIGH

3DS Solidworks < 2024 - Buffer Overflow

Title source: rule

Description

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.

References (1)

[Vendor Advisory] https://www.3ds.com/vulnerability/advisories

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 30.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-908 CWE-843 CWE-416 CWE-787 CWE-125 CWE-457 CWE-122

Status published

Products (2)

3ds/solidworks 2024 (2 CPE variants)

3ds/solidworks 2023 - 2024

Published Feb 28, 2024

Tracked Since Feb 18, 2026