CVE-2024-3298

HIGH

SOLIDWORKS <2024 - RCE

Title source: llm

Description

Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847.

Scores

CVSS v3 7.8
EPSS 0.0007
EPSS Percentile 21.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787 CWE-843
Status published
Products (2)
Dassault Systèmes/eDrawings Release SOLIDWORKS 2023 SP0 - Release SOLIDWORKS 2023 SP5
Dassault Systèmes/eDrawings Release SOLIDWORKS 2024 SP0 - Release SOLIDWORKS 2024 SP1
Published Apr 04, 2024
Tracked Since Feb 18, 2026