CVE-2022-27655

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Viewer version 9.0

Description The issue occurs when a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) file from untrusted sources, causing the application to crash and become temporarily unavailable until it is restarted. This is related to out-of-bounds write and read vulnerabilities during U3D file parsing.

Recommendations For SAP 3D Visual Enterprise Viewer version 9.0, avoid opening .u3d or 3difr.x3d files from untrusted sources to prevent the application from crashing. As a temporary workaround, consider restricting the use of the U3D file parsing functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.