Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
https://www.3ds.com/vulnerability/advisories cve-icon cve-icon cve-icon
History

Mon, 02 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-457
cve-icon MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2024-03-22T10:58:51.824Z

Updated: 2024-09-02T08:10:55.832Z

Reserved: 2024-02-23T16:39:37.098Z

Link: CVE-2024-1848

cve-icon Vulnrichment

Updated: 2024-08-01T18:56:22.220Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-22T11:15:46.633

Modified: 2024-09-02T09:15:04.427

Link: CVE-2024-1848

cve-icon Redhat

No data.