A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
History

Mon, 10 Feb 2025 20:45:00 +0000

Type Values Removed Values Added
Description A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Wed, 29 Jan 2025 17:45:00 +0000

Type Values Removed Values Added
References

Wed, 29 Jan 2025 17:00:00 +0000

Type Values Removed Values Added
References

Tue, 17 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Dec 2024 15:30:00 +0000

Type Values Removed Values Added
Description A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Title DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published: 2024-12-17T15:17:56.627Z

Updated: 2025-02-10T20:35:25.685Z

Reserved: 2024-12-04T17:01:22.228Z

Link: CVE-2024-12192

cve-icon Vulnrichment

Updated: 2024-12-17T15:33:54.790Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-17T16:15:24.130

Modified: 2025-02-10T21:15:16.380

Link: CVE-2024-12192

cve-icon Redhat

No data.