CVE-2024-23139: ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software
First published: Sun Mar 17 2024(Updated: )
A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk FBX Review |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-23139?
CVE-2024-23139 is classified as a high severity vulnerability due to the potential for data corruption and arbitrary code execution.
How do I fix CVE-2024-23139?
To mitigate CVE-2024-23139, it is recommended to update Autodesk FBX Review to the latest version provided by Autodesk.
What types of attacks can be executed using CVE-2024-23139?
CVE-2024-23139 can be exploited to launch denial of service attacks, corrupt data, or execute arbitrary code in the context of the current process.
Which version of Autodesk software is affected by CVE-2024-23139?
CVE-2024-23139 affects Autodesk FBX Review, but no specific version numbers were disclosed in the advisory.
Is CVE-2024-23139 being actively exploited?
As of now, there are no confirmed reports of active exploitation for CVE-2024-23139, but it is advisable to take precautions.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/event
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/tags
- agent/description
- agent/guess-ai
- vendor/autodesk