Heap Overflow via Malformed MODEL File in AutoCAD 2024/2023
CVE-2023-29073 Published on November 23, 2023

A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2023-29073

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-29073 are published in these products:

AutoDesk Autocad Map 3d
 
AutoDesk Autocad Electrical
 
AutoDesk Autocad
 
AutoDesk Autocad Architecture
 
AutoDesk Autocad Lt
 
AutoDesk Autocad Civil 3d
 
AutoDesk Autocad Advance Steel
 
AutoDesk Autocad Plant 3d
 
AutoDesk Autocad Mep
 
AutoDesk Autocad Mechanical
 

Affected Versions

Autodesk AutoCAD, Advance Steel and Civil 3D Version 2024, 2023 is affected by CVE-2023-29073

Exploit Probability

EPSS
0.34%
Percentile
55.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.