CVE-2024-23147

Summary

A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
AutodeskAutoCAD2025 < 2025.1affected
AutodeskAutoCAD2024 < 2024.1.4affected
AutodeskAutoCAD2023 < 2023.1.6affected
AutodeskAutoCAD2022 < 2022.1.5affected
AutodeskAutoCAD Architecture2025 < 2025.1affected
AutodeskAutoCAD Architecture2024 < 2024.1.4affected
AutodeskAutoCAD Architecture2023 < 2023.1.6affected
AutodeskAutoCAD Architecture2022 < 2022.1.5affected
AutodeskAutoCAD Electrical2025 < 2025.1affected
AutodeskAutoCAD Electrical2024 < 2024.1.4affected
AutodeskAutoCAD Electrical2023 < 2023.1.6affected
AutodeskAutoCAD Electrical2022 < 2022.1.5affected
AutodeskAutoCAD Mechanical2025 < 2025.1affected
AutodeskAutoCAD Mechanical2024 < 2024.1.4affected
AutodeskAutoCAD Mechanical2023 < 2023.1.6affected
AutodeskAutoCAD Mechanical2022 < 2022.1.5affected
AutodeskAutoCAD MEP2025 < 2025.1affected
AutodeskAutoCAD MEP2024 < 2024.1.4affected
AutodeskAutoCAD MEP2023 < 2023.1.6affected
AutodeskAutoCAD MEP2022 < 2022.1.5affected
AutodeskAutoCAD Plant 3D2025 < 2025.1affected
AutodeskAutoCAD Plant 3D2024 < 2024.1.4affected
AutodeskAutoCAD Plant 3D2023 < 2023.1.6affected
AutodeskAutoCAD Plant 3D2022 < 2022.1.5affected
AutodeskCivil 3D2025 < 2025.1affected
AutodeskCivil 3D2024 < 2024.1.4affected
AutodeskCivil 3D2023 < 2023.1.6affected
AutodeskCivil 3D2022 < 2022.1.5affected
AutodeskAdvance Steel2025 < 2025.1affected
AutodeskAdvance Steel2024 < 2024.1.4affected
AutodeskAdvance Steel2023 < 2023.1.6affected
AutodeskAdvance Steel2022 < 2022.1.5affected
AutodeskAutoCAD MAP 3D2025 < 2025.1affected
AutodeskAutoCAD MAP 3D2024 < 2024.1.4affected
AutodeskAutoCAD MAP 3D2023 < 2023.1.6affected
AutodeskAutoCAD MAP 3D2022 < 2022.1.5affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References