Vulnerability Details: CVE-2019-7359
An exploitable heap overflow vulnerability exists in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-7359
- cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_p\&id:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-7359
- 0.09%: Probability of exploitation activity in the next 30 days
- ~37%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-7359
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2019-7359
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-7359
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001 (Security Advisories | Autodesk Trust Center, Vendor Advisory)