CVE-2024-1848

Summary

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesSOLIDWORKS DesktopRelease SOLIDWORKS 2024 SP0 <= Release SOLIDWORKS 2024 SP1affected

Weaknesses

  • CWE-416: CWE-416 Use After Free
  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-125: CWE-125 Out-of-bounds Read
  • CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
  • CWE-908: CWE-908 Use of Uninitialized Resource
  • CWE-122: CWE-122 Heap-based Buffer Overflow
  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References