CVE-2021-34332

Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to V13.2 Teamcenter Visualization versions prior to V13.2

Description: A vulnerability has been identified that affects the BMP Loader.dll library in the affected applications. The issue arises from the lack of proper validation of user-supplied data when parsing BMP files. This can lead to an infinite loop condition, resulting in a denial of service condition, if a malformed input file is provided. An attacker could exploit this to consume excessive resources.

Recommendations: For JT2Go versions prior to V13.2, update to version V13.2 or later to resolve the issue. For Teamcenter Visualization versions prior to V13.2, update to version V13.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the BMP Loader.dll library until a patch is available. Avoid using the affected library to parse BMP files from untrusted sources.