CVE-2024-1848

Name of the Vulnerable Software and Affected Versions SOLIDWORKS Desktop version 2024

Description Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X B or X T file.

Recommendations As a temporary workaround, consider limiting file handler access and monitoring local activities until a patch is available from the vendor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.