CVE-2024-23129

Summary

A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
AutodeskAutoCAD2025 < 2025.0.1affected
AutodeskAutoCAD2024 < 2024.1.3affected
AutodeskAutoCAD2023 < 2023.1.5affected
AutodeskAutoCAD2022 < 2022.1.4affected
AutodeskAutoCAD2021 < 2021.1.4affected
AutodeskAutoCAD Architecture2025 < 2025.0.1affected
AutodeskAutoCAD Architecture2024 < 2024.1.3affected
AutodeskAutoCAD Architecture2023 < 2023.1.5affected
AutodeskAutoCAD Architecture2022 < 2022.1.4affected
AutodeskAutoCAD Architecture2021 < 2021.1.4affected
AutodeskAutoCAD Electrical2025 < 2025.0.1affected
AutodeskAutoCAD Electrical2024 < 2024.1.3affected
AutodeskAutoCAD Electrical2023 < 2023.1.5affected
AutodeskAutoCAD Electrical2022 < 2022.1.4affected
AutodeskAutoCAD Electrical2021 < 2021.1.4affected
AutodeskAutoCAD Mechanical2025 < 2025.0.1affected
AutodeskAutoCAD Mechanical2024 < 2024.1.3affected
AutodeskAutoCAD Mechanical2023 < 2023.1.5affected
AutodeskAutoCAD Mechanical2022 < 2022.1.4affected
AutodeskAutoCAD Mechanical2021 < 2021.1.4affected
AutodeskAutoCAD MEP2025 < 2025.0.1affected
AutodeskAutoCAD MEP2024 < 2024.1.3affected
AutodeskAutoCAD MEP2023 < 2023.1.5affected
AutodeskAutoCAD MEP2022 < 2022.1.4affected
AutodeskAutoCAD MEP2021 < 2021.1.4affected
AutodeskAutoCAD Plant 3D2025 < 2025.0.1affected
AutodeskAutoCAD Plant 3D2024 < 2024.1.3affected
AutodeskAutoCAD Plant 3D2023 < 2023.1.5affected
AutodeskAutoCAD Plant 3D2022 < 2022.1.4affected
AutodeskAutoCAD Plant 3D2021 < 2021.1.4affected
AutodeskCivil 3D2025 < 2025.0.1affected
AutodeskCivil 3D2024 < 2024.1.3affected
AutodeskCivil 3D2023 < 2023.1.5affected
AutodeskCivil 3D2022 < 2022.1.4affected
AutodeskCivil 3D2021 < 2021.1.4affected
AutodeskAdvance Steel2025 < 2025.0.1affected
AutodeskAdvance Steel2024 < 2024.1.3affected
AutodeskAdvance Steel2023 < 2023.1.5affected
AutodeskAdvance Steel2022 < 2022.1.4affected
AutodeskAdvance Steel2021 < 2021.1.4affected
AutodeskAutoCAD MAP 3D2025 < 2025.0.1affected
AutodeskAutoCAD MAP 3D2024 < 2024.1.3affected
AutodeskAutoCAD MAP 3D2023 < 2023.1.5affected
AutodeskAutoCAD MAP 3D2022 < 2022.1.4affected
AutodeskAutoCAD MAP 3D2021 < 2021.1.4affected

Weaknesses

  • CWE-119: CWE-119 Memory Corruption - Generic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References