CVE-2023-33124

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V14.2.0.3 Teamcenter Visualization V13.2 versions prior to V13.2.0.13 Teamcenter Visualization V13.3 versions prior to V13.3.0.10 Teamcenter Visualization V14.0 versions prior to V14.0.0.6 Teamcenter Visualization V14.1 versions prior to V14.1.0.8 Teamcenter Visualization V14.2 versions prior to V14.2.0.3

Description The issue is related to a memory corruption vulnerability that occurs when parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. The vulnerability is exploited when a specially crafted file is analyzed, potentially leading to the execution of arbitrary code.

Recommendations For JT2Go versions prior to V14.2.0.3, update to version V14.2.0.3 or later. For Teamcenter Visualization V13.2 versions prior to V13.2.0.13, update to version V13.2.0.13 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.10, update to version V13.3.0.10 or later. For Teamcenter Visualization V14.0 versions prior to V14.0.0.6, update to version V14.0.0.6 or later. For Teamcenter Visualization V14.1 versions prior to V14.1.0.8, update to version V14.1.0.8 or later. For Teamcenter Visualization V14.2 versions prior to V14.2.0.3, update to version V14.2.0.3 or later. As a temporary workaround, consider avoiding the use of CGM files until the issue is resolved.