CVE-2024-1847

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.

Existen vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico, corrupción de memoria, lectura fuera de los límites, escritura fuera de los límites, desbordamiento de búfer en la región stack de la memoria, confusión de tipos, variable no inicializada y Use-After-Free vulnerabilidades en el procedimiento de lectura de archivos en eDrawings desde Lanzamiento de SOLIDWORKS 2023 a lanzamiento de SOLIDWORKS 2024. Estas vulnerabilidades podrían permitir a un atacante ejecutar código arbitrario al abrir un archivo CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B o X_T especialmente manipulado.