CVE-2024-7675

Summary

A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
AutodeskNavisworks Freedom2025affected
AutodeskNavisworks Freedom2024affected
AutodeskNavisworks Freedom2023affected
AutodeskNavisworks Freedom2022affected
AutodeskNavisworks Simulate2025affected
AutodeskNavisworks Simulate2024affected
AutodeskNavisworks Simulate2023affected
AutodeskNavisworks Simulate2022affected
AutodeskNavisworks Manage2025affected
AutodeskNavisworks Manage2024affected
AutodeskNavisworks Manage2023affected
AutodeskNavisworks Manage2022affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References