CVE-2024-1847

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.3ds.com/vulnerability/advisories

Configurations

No configuration.

History

No history.

Information

Published : 2024-02-28 18:15

Updated : 2024-04-04 15:15

NVD link : CVE-2024-1847

Mitre link : CVE-2024-1847

CVE.ORG link : CVE-2024-1847

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

CWE-416

Use After Free

CWE-787

Out-of-bounds Write

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2024-1847", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "3DS.Information-Security@3ds.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-28T18:15:45.687", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "source": "3DS.Information-Security@3ds.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "3DS.Information-Security@3ds.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-787"}, {"lang": "en", "value": "CWE-843"}, {"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID."}, {"lang": "es", "value": "Existen vulnerabilidades de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, corrupci\u00f3n de memoria, lectura fuera de los l\u00edmites, escritura fuera de los l\u00edmites, desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, confusi\u00f3n de tipos, variable no inicializada y Use-After-Free vulnerabilidades en el procedimiento de lectura de archivos en eDrawings desde Lanzamiento de SOLIDWORKS 2023 a lanzamiento de SOLIDWORKS 2024. Estas vulnerabilidades podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario al abrir un archivo CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B o X_T especialmente manipulado."}], "lastModified": "2024-04-04T15:15:37.850", "sourceIdentifier": "3DS.Information-Security@3ds.com"}