CVE-2024-3298

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions eDrawings versions Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Description The issue exists in the file reading procedure, allowing an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file. This could be achieved through Out-Of-Bounds Write and Type Confusion vulnerabilities.

Recommendations For versions Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024, consider disabling the file reading procedure for DWG and DXF files until a patch is available. Restrict access to the file parsing module to minimize the risk of exploitation. Avoid opening specially crafted DWG or DXF files with the affected eDrawings versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Type Confusion

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-787

Related Identifiers

CVE-2024-3298

ZDI-24-250

ZDI-24-254

ZDI-24-429

ZDI-24-431

ZDI-24-433

ZDI-24-435

ZDI-24-436

ZDI-24-437

ZDI-24-438

Affected Products

Edrawings

CVE-2024-3298

Weakness Enumeration

Related Identifiers

Affected Products

References · 13