A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20
Affected Products
2
References
autodesk / autocad
| 2022 - 2022.1.3 |
| - |
| autodesk | autocad_advance_steel | 2023 - 2023.1.1 | - |
| autodesk | autocad_architecture | 2022 - 2022.1.3 | - |
| autodesk | autocad_architecture | 2023 - 2023.1.1 | - |
| autodesk | autocad_civil_3d | 2022 - 2022.1.3 | - |
| autodesk | autocad_civil_3d | 2023 - 2023.1.1 | - |
| autodesk | autocad_electrical | 2022 - 2022.1.3 | - |
| autodesk | autocad_electrical | 2023 - 2023.1.1 | - |
| autodesk | autocad_lt | 2022 - 2022.1.3 | - |
| autodesk | autocad_lt | 2023 - 2023.1.1 | - |
| autodesk | autocad_map_3d | 2022 - 2022.1.3 | - |
| autodesk | autocad_map_3d | 2023 - 2023.1.1 | - |
| autodesk | autocad_mechanical | 2022 - 2022.1.3 | - |
| autodesk | autocad_mechanical | 2023 - 2023.1.1 | - |
| autodesk | autocad_mep | 2022 - 2022.1.3 | - |
| autodesk | autocad_mep | 2023 - 2023.1.1 | - |
| autodesk | autocad_plant_3d | 2022 - 2022.1.3 | - |
| autodesk | autocad_plant_3d | 2023 - 2023.1.1 | - |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability
Impact