CVE-2023-27912

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Published: Apr 14, 2023
Updated: Apr 21, 2023
CVE: CVE-2023-27912
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
autodesk / autocad	2023	2023.1.3
autodesk / autocad_plant_3d	2023	2023.1.3
autodesk / autocad_mep	2023	2023.1.3
autodesk / autocad_mechanical	2023	2023.1.3
autodesk / autocad_map_3d	2023	2023.1.3
autodesk / autocad_lt	2023	2023.1.3
autodesk / autocad_electrical	2023	2023.1.3
autodesk / autocad_civil_3d	2023	2023.1.3
autodesk / autocad_architecture	2023	2023.1.3
autodesk / autocad_advance_steel	2023	2023.1.3

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005

Vulnerability Database

289,697

CVE-2023-27912