CVE-2023-41139

A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Published: Nov 23, 2023
Updated: Dec 1, 2023
CVE: CVE-2023-41139
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
autodesk / autocad_map_3d	-	2023.1.4
autodesk / autocad_map_3d	2024.0.0	2024.1.1
autodesk / autocad_electrical	-	2023.1.4
autodesk / autocad_electrical	2024.0.0	2024.1.1
autodesk / autocad	2024.0.0	2024.1.1
autodesk / autocad	2023.0.0	2023.1.4
autodesk / autocad_architecture	2024.0.0	2024.1.1
autodesk / autocad_architecture	-	2023.1.4
autodesk / autocad_lt	-	2024.1
autodesk / autocad	-	2024.1
autodesk / autocad_lt	-	2023.1.4
autodesk / autocad_lt	2024.0.0	2024.1.1
autodesk / autocad_civil_3d	-	2023.1.4
autodesk / autocad_civil_3d	2024.0.0	2024.1.1
autodesk / autocad_advance_steel	-	2023.1.4
autodesk / autocad_advance_steel	2024.0.0	2024.1.1
autodesk / autocad_plant_3d	-	2023.1.4
autodesk / autocad_plant_3d	2024.0.0	2024.1.1
autodesk / autocad_mep	-	2023.1.4
autodesk / autocad_mep	2024.0.0	2024.1.1
autodesk / autocad_mechanical	-	2023.1.4
autodesk / autocad_mechanical	2024.0.0	2024.1.1

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018

Vulnerability Database

289,784

CVE-2023-41139