CVE-2024-10204

Summary

Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmeseDrawingsRelease SOLIDWORKS 2024 SP0 <= Release SOLIDWORKS 2024 SP5affected
Dassault SystèmeseDrawingsRelease SOLIDWORKS 2025 SP0affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow
  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References