Vulnerability Description
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3Ds | Solidworks | >= 2023, < 2024 |
Related Weaknesses (CWE)
References
- https://www.3ds.com/vulnerability/advisoriesVendor Advisory
- https://www.3ds.com/vulnerability/advisoriesVendor Advisory
FAQ
What is CVE-2024-1847?
CVE-2024-1847 is a vulnerability with a CVSS score of 7.8 (HIGH). Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the...
How severe is CVE-2024-1847?
CVE-2024-1847 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1847?
Check the references section above for vendor advisories and patch information. Affected products include: 3Ds Solidworks.