Description
A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | AutoCAD | unaffected |
|
|||||||||||||||
| Autodesk | AutoCAD Architecture | unaffected |
|
|||||||||||||||
| Autodesk | AutoCAD Electrical | unaffected |
|
|||||||||||||||
| Autodesk | AutoCAD Mechanical | unaffected |
|
|||||||||||||||
| Autodesk | AutoCAD MEP | unaffected |
|
|||||||||||||||
| Autodesk | AutoCAD Plant 3D | unaffected |
|
|||||||||||||||
| Autodesk | Civil 3D | unaffected |
|
|||||||||||||||
| Autodesk | Advance Steel | unaffected |
|
|||||||||||||||
| Autodesk | AutoCAD LT | unaffected |
|
|||||||||||||||
| Autodesk | DWG TrueView | unaffected |
|
|||||||||||||||
| Autodesk | AutoCAD Map 3D | unaffected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-48246 | A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
References
History
Wed, 30 Jul 2025 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Autodesk advance Steel
Autodesk autocad Map 3d Autodesk civil 3d |
|
| CPEs | cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Autodesk advance Steel
Autodesk autocad Map 3d Autodesk civil 3d |
Mon, 10 Feb 2025 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
Wed, 21 Aug 2024 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Autodesk
Autodesk autocad Autodesk autocad Architecture Autodesk autocad Civil 3d Autodesk autocad Electrical Autodesk autocad Lt Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk dwg Trueview |
|
| CPEs | cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:* |
|
| Vendors & Products |
Autodesk
Autodesk autocad Autodesk autocad Architecture Autodesk autocad Civil 3d Autodesk autocad Electrical Autodesk autocad Lt Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk dwg Trueview |
|
| Metrics |
ssvc
|
Mon, 19 Aug 2024 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |
| Title | DWF Vulnerability in Autodesk Desktop Software | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
Autodesk
Subscribe
Advance Steel
Subscribe
Autocad
Subscribe
Autocad Architecture
Subscribe
Autocad Civil 3d
Subscribe
Autocad Electrical
Subscribe
Autocad Lt
Subscribe
Autocad Map 3d
Subscribe
Autocad Mechanical
Subscribe
Autocad Mep
Subscribe
Autocad Plant 3d
Subscribe
Civil 3d
Subscribe
Dwg Trueview
Subscribe
MITRE
Status: PUBLISHED
Assigner: autodesk
Published:
Updated: 2025-08-26T19:57:54.129Z
Reserved: 2024-07-30T19:31:26.704Z
Link: CVE-2024-7305
Vulnrichment
Updated: 2024-08-21T15:24:25.512Z
NVD
Status : Analyzed
Published: 2024-08-20T00:15:04.003
Modified: 2025-07-30T17:26:19.867
Link: CVE-2024-7305
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses