Home

Description

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

PUBLISHED Reserved 2024-12-16 | Published 2024-12-17 | Updated 2025-08-26 | Assigner autodesk




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status
unaffected

2025 (custom) before 2025.4
affected

Default status
unaffected

2025 (custom) before 2025.4
affected

Default status
unaffected

2025 (custom) before 2025.4
affected

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027

cve.org (CVE-2024-12669)

nvd.nist.gov (CVE-2024-12669)

Download JSON