First published: Tue Oct 29 2024(Updated: )
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Credit: psirt@autodesk.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
AutoCAD | >=2025<2025.1.1 | |
Autodesk AutoCAD Advance Steel | >=2025<2025.1.1 | |
AutoCAD | >=2025<2025.1.1 | |
Autodesk Civil 3D | >=2025<2025.1.1 | |
AutoCAD | >=2025<2025.1.1 | |
AutoCAD | >=2025<2025.1.1 | |
AutoCAD | >=2025<2025.1.1 | |
AutoCAD | >=2025<2025.1.1 | |
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-8595 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.
To mitigate CVE-2024-8595, update Autodesk AutoCAD and related products to the latest versions as recommended by Autodesk.
CVE-2024-8595 affects various versions of Autodesk AutoCAD products, including AutoCAD, AutoCAD Advanced Steel, and others released until 2025.1.1.
An attacker can exploit CVE-2024-8595 to cause application crashes, execute arbitrary code, or access sensitive data.
Yes, CVE-2024-8595 specifically affects Autodesk AutoCAD products from version 2025 up to and including 2025.1.1.