CVE-2024-23137
HIGHAutodesk Autocad < 2021.1.4 - Use of Uninitialized Resource
Title source: ruleDescription
A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Scores
CVSS v3
7.8
EPSS
0.0282
EPSS Percentile
86.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-457
CWE-908
Status
published
Products (9)
autodesk/advance_steel
2021 - 2021.1.4
autodesk/autocad
2021 - 2021.1.4
autodesk/autocad_architecture
2021 - 2021.1.4
autodesk/autocad_electrical
2021 - 2021.1.4
autodesk/autocad_map_3d
2021 - 2021.1.4
autodesk/autocad_mechanical
2021 - 2021.1.4
autodesk/autocad_mep
2021 - 2021.1.4
autodesk/autocad_plant_3d
2021 - 2021.1.4
autodesk/civil_3d
2021 - 2021.1.4
Published
Feb 22, 2024
Tracked Since
Feb 18, 2026