CVE-2023-27913

CVSS V2 None CVSS V3 None

Description

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.

Overview

CVE ID
CVE-2023-27913

Assigner
psirt@autodesk.com

Vulnerability Status
Analyzed

Published Version
2023-04-14T19:15:09

Last Modified Date
2023-04-20T16:06:06

Weakness Enumerations

CWE	URL
CWE-190	http://cwe.mitre.org/data/definitions/190.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:autodesk:autocad::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_advance_steel::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_architecture::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_civil_3d::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_electrical::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_lt::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_map_3d::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_mechanical::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_mep::::::::	1	OR	2023	2023.1.3
cpe:2.3:a:autodesk:autocad_plant_3d::::::::	1	OR	2023	2023.1.3

References

Reference URL	Reference Tags
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-27913
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27913

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 04:44:50				Added to TrackCVE
2023-04-19 17:01:12	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-04-20 17:01:04		2023-04-20T16:06:06	CVE Modified Date	updated
2023-04-20 17:01:04	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-04-20 17:01:05			Weakness Enumeration	new
2023-04-20 17:01:08			CPE Information	updated