CVE-2023-38075

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V14.3.0.1 Teamcenter Visualization V13.3 versions prior to V13.3.0.12 Teamcenter Visualization V14.0 all versions Teamcenter Visualization V14.1 versions prior to V14.1.0.11 Teamcenter Visualization V14.2 versions prior to V14.2.0.6 Teamcenter Visualization V14.3 versions prior to V14.3.0.1 Tecnomatix Plant Simulation V2201 versions prior to V2201.0010 Tecnomatix Plant Simulation V2302 versions prior to V2302.0004

Description The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Recommendations For JT2Go versions prior to V14.3.0.1, update to version V14.3.0.1 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.12, update to version V13.3.0.12 or later. For Teamcenter Visualization V14.0 all versions, update to a version that is not affected. For Teamcenter Visualization V14.1 versions prior to V14.1.0.11, update to version V14.1.0.11 or later. For Teamcenter Visualization V14.2 versions prior to V14.2.0.6, update to version V14.2.0.6 or later. For Teamcenter Visualization V14.3 versions prior to V14.3.0.1, update to version V14.3.0.1 or later. For Tecnomatix Plant Simulation V2201 versions prior to V2201.0010, update to version V2201.0010 or later. For Tecnomatix Plant Simulation V2302 versions prior to V2302.0004, update to version V2302.0004 or later. As a temporary workaround, consider restricting the use of WRL files until a patch is available.