CVE-2023-27914: Buffer Overflow
First published: Fri Apr 14 2023(Updated: )
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Autocad | >=2023<2023.1.3 | |
| Autodesk Autocad Advance Steel | >=2023<2023.1.3 | |
| Autodesk AutoCAD Architecture | >=2023<2023.1.3 | |
| Autodesk Autocad Civil 3d | >=2023<2023.1.3 | |
| Autodesk AutoCAD Electrical | >=2023<2023.1.3 | |
| Autodesk Autocad Lt | >=2023<2023.1.3 | |
| Autodesk AutoCAD Map 3D | >=2023<2023.1.3 | |
| Autodesk AutoCAD Mechanical | >=2023<2023.1.3 | |
| Autodesk AutoCAD MEP | >=2023<2023.1.3 | |
| Autodesk AutoCAD Plant 3D | >=2023<2023.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-27914?
CVE-2023-27914 is a vulnerability in Autodesk AutoCAD 2023 that allows a maliciously crafted X_B file to cause a Stack Buffer Overflow, potentially leading to a crash, sensitive data exposure, or arbitrary code execution.
How does CVE-2023-27914 affect Autodesk AutoCAD?
CVE-2023-27914 affects Autodesk AutoCAD 2023 versions up to and including 2023.1.3, as well as other related software such as AutoCAD Architecture, AutoCAD Civil 3D, AutoCAD Electrical, AutoCAD LT, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, and AutoCAD Plant 3D.
What is the severity of CVE-2023-27914?
CVE-2023-27914 has a severity rating of 7.8 (High).
How can CVE-2023-27914 be exploited?
CVE-2023-27914 can be exploited by a malicious actor using a specially crafted X_B file to trigger a Stack Buffer Overflow in Autodesk AutoCAD, potentially leading to a crash, unauthorized data access, or arbitrary code execution.
Is there a fix for CVE-2023-27914?
Yes, a fix for CVE-2023-27914 is available. It is recommended to update to the latest patched version of Autodesk AutoCAD 2023 (2023.1.4 or higher) to mitigate this vulnerability.
- collector/nvd-index
- vendor/autodesk
- canonical/autodesk autocad
- version/autodesk autocad/2023
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2023
- canonical/autodesk autocad architecture
- version/autodesk autocad architecture/2023
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2023
- canonical/autodesk autocad electrical
- version/autodesk autocad electrical/2023
- canonical/autodesk autocad lt
- version/autodesk autocad lt/2023
- canonical/autodesk autocad map 3d
- version/autodesk autocad map 3d/2023
- canonical/autodesk autocad mechanical
- version/autodesk autocad mechanical/2023
- canonical/autodesk autocad mep
- version/autodesk autocad mep/2023
- canonical/autodesk autocad plant 3d
- version/autodesk autocad plant 3d/2023