CVE-2023-38528

Name of the Vulnerable Software and Affected Versions Parasolid versions prior to V34.1.258 Parasolid versions prior to V35.0.254 Parasolid versions prior to V35.1.197 Teamcenter Visualization versions prior to V14.1.0.11 Teamcenter Visualization versions prior to V14.2.0.6 Teamcenter Visualization versions prior to V14.3.0.3

Description The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X T file. This could allow an attacker to execute code in the context of the current process. The issue is related to a buffer operation that exceeds the allocated memory space, potentially enabling an attacker to run arbitrary code.

Recommendations For Parasolid versions prior to V34.1.258, update to version V34.1.258 or later. For Parasolid versions prior to V35.0.254, update to version V35.0.254 or later. For Parasolid versions prior to V35.1.197, update to version V35.1.197 or later. For Teamcenter Visualization versions prior to V14.1.0.11, update to version V14.1.0.11 or later. For Teamcenter Visualization versions prior to V14.2.0.6, update to version V14.2.0.6 or later. For Teamcenter Visualization versions prior to V14.3.0.3, update to version V14.3.0.3 or later. As a temporary workaround, consider restricting the parsing of X T files to minimize the risk of exploitation.