CVE-2023-27912
First published: Fri Apr 14 2023(Updated: )
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Autocad | >=2023<2023.1.3 | |
| Autodesk Autocad Advance Steel | >=2023<2023.1.3 | |
| Autodesk AutoCAD Architecture | >=2023<2023.1.3 | |
| Autodesk Autocad Civil 3d | >=2023<2023.1.3 | |
| Autodesk AutoCAD Electrical | >=2023<2023.1.3 | |
| Autodesk Autocad Lt | >=2023<2023.1.3 | |
| Autodesk AutoCAD Map 3D | >=2023<2023.1.3 | |
| Autodesk AutoCAD Mechanical | >=2023<2023.1.3 | |
| Autodesk AutoCAD MEP | >=2023<2023.1.3 | |
| Autodesk AutoCAD Plant 3D | >=2023<2023.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2023-27912.
What software is affected by this vulnerability?
The software affected by this vulnerability is Autodesk AutoCAD, Autodesk Autocad Architecture, Autodesk Autocad Civil 3d, Autodesk Autocad Electrical, Autodesk Autocad Lt, Autodesk Autocad Map 3d, Autodesk Autocad Mechanical, Autodesk Autocad Mep, and Autodesk Autocad Plant 3d.
What is the severity of CVE-2023-27912?
The severity of CVE-2023-27912 is high, with a severity score of 7.8.
How can this vulnerability be exploited?
This vulnerability can be exploited by using a maliciously crafted X_B file that is parsed through Autodesk AutoCAD 2023, which can force an Out-of-Bound Read and potentially cause a crash, read sensitive data, or execute arbitrary code.
Is there a fix or patch available for this vulnerability?
Yes, Autodesk has provided a fix for this vulnerability. Please refer to the official Autodesk Security Advisory (ADSK-SA-2023-0005) for more information.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/event
- agent/tags
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/autodesk
- canonical/autodesk autocad
- version/autodesk autocad/2023
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2023
- canonical/autodesk autocad architecture
- version/autodesk autocad architecture/2023
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2023
- canonical/autodesk autocad electrical
- version/autodesk autocad electrical/2023
- canonical/autodesk autocad lt
- version/autodesk autocad lt/2023
- canonical/autodesk autocad map 3d
- version/autodesk autocad map 3d/2023
- canonical/autodesk autocad mechanical
- version/autodesk autocad mechanical/2023
- canonical/autodesk autocad mep
- version/autodesk autocad mep/2023
- canonical/autodesk autocad plant 3d
- version/autodesk autocad plant 3d/2023