CVE-2023-27913: Integer Overflow
First published: Fri Apr 14 2023(Updated: )
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Autocad | >=2023<2023.1.3 | |
| Autodesk Autocad Advance Steel | >=2023<2023.1.3 | |
| Autodesk AutoCAD Architecture | >=2023<2023.1.3 | |
| Autodesk Autocad Civil 3d | >=2023<2023.1.3 | |
| Autodesk AutoCAD Electrical | >=2023<2023.1.3 | |
| Autodesk Autocad Lt | >=2023<2023.1.3 | |
| Autodesk AutoCAD Map 3D | >=2023<2023.1.3 | |
| Autodesk AutoCAD Mechanical | >=2023<2023.1.3 | |
| Autodesk AutoCAD MEP | >=2023<2023.1.3 | |
| Autodesk AutoCAD Plant 3D | >=2023<2023.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-27913.
What is the severity of CVE-2023-27913?
CVE-2023-27913 has a severity rating of 7.8 (high).
Which software versions are affected by CVE-2023-27913?
Autodesk AutoCAD 2023 versions up to 2023.1.3 are affected, along with related products such as Autodesk AutoCAD Advance Steel, Autodesk AutoCAD Architecture, Autodesk AutoCAD Civil 3D, Autodesk AutoCAD Electrical, Autodesk AutoCAD LT, Autodesk AutoCAD Map 3D, Autodesk AutoCAD Mechanical, Autodesk AutoCAD MEP, and Autodesk AutoCAD Plant 3D.
How can CVE-2023-27913 be exploited?
CVE-2023-27913 can be exploited by parsing a maliciously crafted X_B file through Autodesk AutoCAD 2023, which can cause an Integer Overflow.
Is there a fix available for CVE-2023-27913?
Yes, Autodesk has released a fix for CVE-2023-27913. Please refer to their security advisory for more information.
- collector/nvd-index
- agent/tags
- agent/event
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/autodesk
- canonical/autodesk autocad
- version/autodesk autocad/2023
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2023
- canonical/autodesk autocad architecture
- version/autodesk autocad architecture/2023
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2023
- canonical/autodesk autocad electrical
- version/autodesk autocad electrical/2023
- canonical/autodesk autocad lt
- version/autodesk autocad lt/2023
- canonical/autodesk autocad map 3d
- version/autodesk autocad map 3d/2023
- canonical/autodesk autocad mechanical
- version/autodesk autocad mechanical/2023
- canonical/autodesk autocad mep
- version/autodesk autocad mep/2023
- canonical/autodesk autocad plant 3d
- version/autodesk autocad plant 3d/2023