First published: Mon Sep 30 2024(Updated: )
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Credit: psirt@autodesk.com
Affected Software | Affected Version | How to fix |
---|---|---|
=2025 | ||
=2025.1 | ||
=2025.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2024-7675 is critical due to the potential for arbitrary code execution.
To fix CVE-2024-7675, update Autodesk Navisworks to the latest version available that addresses this vulnerability.
A Use-After-Free vulnerability in CVE-2024-7675 occurs when memory is accessed after it has been freed, which can lead to crashes or code execution.
CVE-2024-7675 affects Autodesk Navisworks versions 2025, 2025.1, and 2025.2.
CVE-2024-7675 is associated with a maliciously crafted DWF file that exploits the vulnerability.