A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Metrics
Affected Vendors & Products
References
History
Mon, 10 Feb 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
Wed, 29 Jan 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 29 Jan 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 17 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Dec 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |
Title | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software | |
Weaknesses | CWE-787 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: autodesk
Published: 2024-12-17T15:17:56.627Z
Updated: 2025-02-10T20:35:25.685Z
Reserved: 2024-12-04T17:01:22.228Z
Link: CVE-2024-12192

Updated: 2024-12-17T15:33:54.790Z

Status : Awaiting Analysis
Published: 2024-12-17T16:15:24.130
Modified: 2025-02-10T21:15:16.380
Link: CVE-2024-12192

No data.