CVERadar

CVE-2024-8594

Severity: Critical
Vendor: Autodesk
SVRS: 70/100
CVSSv3: 7.8/10
EPSS: 0.00038/1

CVE-2024-8594 is a heap-based overflow vulnerability in Autodesk AutoCAD's libodxdll.dll. Parsing a maliciously crafted MODEL file can trigger this critical flaw: a threat actor could exploit it to crash the application, write sensitive data, or even execute arbitrary code. Although the CVSS score is 7.8, SOCRadar's Vulnerability Risk Score (SVRS) is 70, indicating a significant risk. While not deemed critical (SVRS > 80), this CVE still demands attention because of the potential for exploitation, especially given the CWE-122 classification. Organizations using affected versions of AutoCAD should apply the necessary patches immediately to mitigate this risk.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-10-29

2025-04-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-8594 | Autodesk AutoCAD 2025.1 MODEL File libodxdll.dll heap-based overflow
vuldb.com, 2025-03-02
A vulnerability was found in Autodesk AutoCAD 2025.1. It has been classified as critical. This affects an unknown part in the library libodxdll.dll of the component MODEL File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-8594.

ZDI-24-1433: Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
zerodayinitiative.com, 2024-12-02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8594.

Social Media

CVE-2024-8594 A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a cras... https://t.co/QBaSvjyo46

Affected Software

Configuration 1
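| Type | Vendor | Product |
|------|--------|---------|
| App | Autodesk | autocad_plant_3d |
| App | Autodesk | autocad_mep |
| App | Autodesk | autocad |
| App | Autodesk | autocad_civil_3d |
| App | Autodesk | autocad_electrical |
| App | Autodesk | autocad_architecture |
| App | Autodesk | autocad_mechanical |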

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019
https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019

CWE Details

| CWE ID | CWE Name | Description |
|--------|----------|-------------|
| CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer. |
