PT-2021-24016 · Siemens · Jt2Go+1
Mat Powell
·
Published
2021-12-14
·
Updated
2022-03-30
·
CVE-2021-44017
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
JT2Go versions prior to 13.2.0.5
Teamcenter Visualization versions prior to 13.2.0.5
Description:
A vulnerability has been identified in the Image.dll component when parsing specially crafted TIF files, allowing an out of bounds read past the end of an allocated buffer. This could enable an attacker to leak information in the context of the current process.
Recommendations:
For JT2Go versions prior to 13.2.0.5, update to version 13.2.0.5 or later to resolve the issue.
For Teamcenter Visualization versions prior to 13.2.0.5, update to version 13.2.0.5 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the Image.dll component when parsing TIF files until a patch is available.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jt2Go
Teamcenter Visualization