CVE-2024-1848

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
Configurations

No configuration.

History

21 Nov 2024, 08:51

Type Values Removed Values Added
References () https://www.3ds.com/vulnerability/advisories - () https://www.3ds.com/vulnerability/advisories -

02 Sep 2024, 09:15

Type Values Removed Values Added
Summary
  • (es) Heap-based buffer overflow, memory corruption, out-of-bounds read, out-of-bounds write, stack-based buffer overflow, type confusion, uninitialized variable and use-after-free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop in the SOLIDWORKS 2024 release. These vulnerabilities could allow an attacker to execute arbitrary code when opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
CWE CWE-457
CWE-122

22 Mar 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-22 11:15

Updated : 2024-11-21 08:51


NVD link : CVE-2024-1848

Mitre link : CVE-2024-1848

CVE.ORG link : CVE-2024-1848


Products Affected

No product.

CWE
CWE-122

Heap-based Buffer Overflow

CWE-125

Out-of-bounds Read

CWE-416

Use After Free

CWE-457

Use of Uninitialized Variable

CWE-787

Out-of-bounds Write

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-908

Use of Uninitialized Resource