CVE-2024-3298

EPSS 0.07%
Published 04.04.2024 15:15:40
Last modified 21.11.2024 09:29:20
Source 3DS.Information-Security@3ds.c
Teams watchlist Login
Open Login

Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847.

Affected products Warnungen 0 Metrics 2 CWE 2 References 4

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendor3ds

≫

Product edrawings

Default Statusunaffected

Version <= 2023_sp5

Version 2023

Status affected

Vendor3ds

≫

Product edrawings

Default Statusunaffected

Version <= 2024_sp1

Version 2024

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.227

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
3DS.Information-Security@3ds.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://www.3ds.com/vulnerability/advisories

https://nvd.nist.gov/vuln/detail/CVE-2024-3298

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3298

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3298

EUVD