CVE-2024-1848
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dassault Systèmes | SOLIDWORKS Desktop | Release SOLIDWORKS 2024 SP0 <= Release SOLIDWORKS 2024 SP1 | affected |
Weaknesses
- CWE-416: CWE-416 Use After Free
- CWE-787: CWE-787 Out-of-bounds Write
- CWE-125: CWE-125 Out-of-bounds Read
- CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
- CWE-908: CWE-908 Use of Uninitialized Resource
- CWE-122: CWE-122 Heap-based Buffer Overflow
- CWE-457: CWE-457: Use of Uninitialized Variable
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.