CVE-2024-23137

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Weakness

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

Affected Software

Name	Vendor	Start Version	End Version
Autocad	Autodesk	2021 (including)	2021.1.4 (excluding)
Autocad	Autodesk	2022 (including)	2022.1.4 (excluding)
Autocad	Autodesk	2023 (including)	2023.1.5 (excluding)
Autocad	Autodesk	2024 (including)	2024.1.3 (excluding)
Autocad	Autodesk	2025 (including)	2025.0.1 (excluding)

Potential Mitigations

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-23137
CWE	https://cwe.mitre.org/data/definitions/457.html

Use of Uninitialized Variable

Weakness

Affected Software

Potential Mitigations

References