CVE-2024-1847

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.
Configurations

No configuration.

History

02 Sep 2024, 09:15

Type Values Removed Values Added
CWE CWE-457
CWE-122

04 Apr 2024, 15:15

Type Values Removed Values Added
Summary
  • (es) Existen vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico, corrupción de memoria, lectura fuera de los límites, escritura fuera de los límites, desbordamiento de búfer en la región stack de la memoria, confusión de tipos, variable no inicializada y Use-After-Free vulnerabilidades en el procedimiento de lectura de archivos en eDrawings desde Lanzamiento de SOLIDWORKS 2023 a lanzamiento de SOLIDWORKS 2024. Estas vulnerabilidades podrían permitir a un atacante ejecutar código arbitrario al abrir un archivo CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B o X_T especialmente manipulado.
Summary (en) Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. (en) Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.

28 Feb 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-28 18:15

Updated : 2024-09-02 09:15


NVD link : CVE-2024-1847

Mitre link : CVE-2024-1847

CVE.ORG link : CVE-2024-1847


JSON object : View

Products Affected

No product.

CWE
CWE-122

Heap-based Buffer Overflow

CWE-125

Out-of-bounds Read

CWE-416

Use After Free

CWE-457

Use of Uninitialized Variable

CWE-787

Out-of-bounds Write

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-908

Use of Uninitialized Resource