PT-2023-19859 · Autodesk · Autodesk Infraworks

Published

2023-05-12

Updated

2023-05-26

CVE-2023-25005

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Autodesk InfraWorks versions 2021 through 2023

Description A maliciously crafted DLL file can be forced to read beyond allocated boundaries when parsing the DLL files, potentially leading to a resource injection issue.

Recommendations For Autodesk InfraWorks version 2021, update to a version that includes the necessary security patches. For Autodesk InfraWorks version 2023, apply the recommended security fixes to prevent exploitation. As a temporary workaround, consider restricting access to DLL files until a patch is available.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2023-25005

Affected Products

Autodesk Infraworks

PT-2023-19859 · Autodesk · Autodesk Infraworks

CVE-2023-25005

Weakness Enumeration

Related Identifiers

Affected Products

References · 5