A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Autodesk
  • Autocad
  • Autocad Advance Steel
  • Autocad Architecture
  • Autocad Civil 3d
  • Autocad Electrical
  • Autocad Mechanical
  • Autocad Mep
  • Autocad Plant 3d
Microsoft
  • Windows

Configuration 1 [-]

AND
OR cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019 cve-icon cve-icon
History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00044}

 epss

{'score': 0.00062}

Fri, 11 Apr 2025 17:45:00 +0000

Type Values Removed Values Added
References

Fri, 11 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
References

Mon, 03 Feb 2025 18:45:00 +0000

Type Values Removed Values Added
References

Mon, 03 Feb 2025 17:30:00 +0000

Type Values Removed Values Added
References

Fri, 01 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows
CPEs cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows

Wed, 30 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 29 Oct 2024 21:30:00 +0000

Type Values Removed Values Added
Description A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Title Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published: 2024-10-29T21:14:55.716Z

Updated: 2025-04-25T20:30:38.082Z

Reserved: 2024-10-10T19:01:38.304Z

Link: CVE-2024-9827

cve-icon Vulnrichment

Updated: 2024-10-30T14:02:22.871Z

cve-icon NVD

Status : Modified

Published: 2024-10-29T22:15:09.100

Modified: 2025-04-11T17:15:42.070

Link: CVE-2024-9827

cve-icon Redhat

No data.