CVE-2022-26106

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Viewer version 9.0

Description The issue occurs when a user opens a manipulated Computer Graphics Metafile (.cgm) in SAP 3D Visual Enterprise Viewer, causing the application to crash and become temporarily unavailable until it is restarted. This happens due to an out-of-bounds write error during the parsing of CGM files, potentially allowing remote code execution.

Recommendations For SAP 3D Visual Enterprise Viewer version 9.0, consider avoiding the use of the CgmCore.dll module when handling CGM files from untrusted sources until a patch is available. As a temporary workaround, restrict the opening of CGM files in the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.