PT-2022-19667 · Altair · Altair Hyperview Player
Tran Van Khang
·
Published
2022-10-14
·
Updated
2022-12-19
·
CVE-2022-2951
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Altair HyperView Player versions 2021.1.0.27 and prior
Description
The issue arises from improper validation of array index during the processing of H3D files. A DWORD value extracted from a file is used as an index to write to a buffer, leading to memory corruption.
Recommendations
For versions 2021.1.0.27 and prior, update to a version later than 2021.1.0.27 to resolve the issue.
As a temporary workaround, consider restricting the processing of H3D files until a patch is available.
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Altair Hyperview Player