CVE-2024-3299

Summary

Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmeseDrawingsRelease SOLIDWORKS 2023 SP0 <= Release SOLIDWORKS 2023 SP5affected
Dassault SystèmeseDrawingsRelease SOLIDWORKS 2024 SP0 <= Release SOLIDWORKS 2024 SP1affected

Weaknesses

  • CWE-416: CWE-416 Use After Free
  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-908: CWE-908 Use of Uninitialized Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References