Unrated severityNVD Advisory· Published Jun 25, 2024· Updated Aug 27, 2025
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
CVE-2024-36999
Description
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Affected products
10- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*Range: 2025
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*Range: 2025
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*Range: 2025
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*Range: 2025
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.