CVE-2024-1847

Summary

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmeseDrawingsRelease SOLIDWORKS 2023 SP0 <= Release SOLIDWORKS 2023 SP5affected
Dassault SystèmeseDrawingsRelease SOLIDWORKS 2024 SP0 <= Release SOLIDWORKS 2024 SP1affected

Weaknesses

  • CWE-416: CWE-416 Use After Free
  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-125: CWE-125 Out-of-bounds Read
  • CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
  • CWE-908: CWE-908 Use of Uninitialized Resource
  • CWE-122: CWE-122 Heap-based Buffer Overflow
  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References