PT-2024-18358 · Dassault Systèmes · Dassault Systèmes eDrawings

Mat Powell +1 · Published 2024-02-28 · Updated 2024-09-02 · CVE-2024-1847

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dassault Systèmes eDrawings (affected versions not specified)

Description

The issue allows remote code execution via various file parsing vulnerabilities, including heap-based buffer overflow, memory corruption, out-of-bounds read, out-of-bounds write, stack-based buffer overflow, type confusion, uninitialized variable, and use-after-free. User interaction is required for exploitation. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Use of Uninitialized Resource

Type Confusion

Memory Corruption

Use After Free

Heap Based Buffer Overflow

Related Identifiers

CVE-2024-1847
ZDI-24-251
ZDI-24-252
ZDI-24-255
ZDI-24-256
ZDI-24-257
ZDI-24-258
ZDI-24-259
ZDI-24-260
ZDI-24-262
ZDI-24-263
ZDI-24-264
ZDI-24-265
ZDI-24-266
ZDI-24-268
ZDI-24-269
ZDI-24-270
ZDI-24-271
ZDI-24-272
ZDI-24-273
ZDI-24-274
ZDI-24-275
ZDI-24-276
ZDI-24-277
ZDI-24-278
ZDI-24-279
ZDI-24-280
ZDI-24-281
ZDI-24-282
ZDI-24-428
ZDI-24-430
ZDI-24-432
ZDI-24-434

Affected Products

Dassault Systèmes eDrawings