CVE-2022-29033

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V13.3.0.3 Teamcenter Visualization V13.3 versions prior to V13.3.0.3 Teamcenter Visualization V14.0 versions prior to V14.0.0.1

Description A vulnerability has been identified in the CGM NIST Loader.dll library, which is used by JT2Go and Teamcenter Visualization. The library is vulnerable to an uninitialized pointer free while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process by opening a maliciously crafted CGM, TIFF, or TG4 file.

Recommendations For JT2Go versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V14.0 versions prior to V14.0.0.1, update to version V14.0.0.1 or later. As a temporary workaround, consider disabling the use of the CGM NIST Loader.dll library until a patch is available. Avoid opening specially crafted CGM files from untrusted sources.