Skip to main content

Revit CVE-2024-11268

MEDIUM
Out-of-bounds Read (CWE-125)
2024-12-09 psirt@autodesk.com
5.5
CVSS 3.1 · Vendor: autodesk
Share

Severity by source

Vendor (autodesk) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from Vendor (autodesk) · only source for this CVE.

CVSS VectorVendor: autodesk

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 09, 2024 - 18:15 cve.org
MEDIUM 5.5

DescriptionCVE.org

A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.

AnalysisAI

A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak. Affected products include: Autodesk Revit.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Revit

View all
CVE-2025-1274 HIGH
7.8 Apr 15

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rate

CVE-2025-1275 HIGH
7.8 Apr 15

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overf

CVE-2025-2497 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerabilit

CVE-2025-1656 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-1277 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability.

CVE-2025-1273 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-5036 HIGH
7.8 Jun 02

Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that

CVE-2025-1276 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vuln

CVE-2025-5037 HIGH
7.8 Jul 10

CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE,

CVE-2025-5040 HIGH
7.8 Jul 10

CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attack

CVE-2024-11608 HIGH
7.8 Dec 09

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow.

CVE-2024-11454 HIGH
7.8 Dec 09

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and

Share

CVE-2024-11268 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy