CVE-2022-29028

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V13.3.0.3 Teamcenter Visualization V13.3 versions prior to V13.3.0.3 Teamcenter Visualization V14.0 versions prior to V14.0.0.1

Description A vulnerability has been identified in the Tiff Loader.dll, which is susceptible to an infinite loop condition when parsing specially crafted TIFF files. This could allow an attacker to crash the application, resulting in a denial of service condition. The vulnerability can be exploited by opening a maliciously crafted file, potentially leading to a denial of service.

Recommendations For JT2Go versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V14.0 versions prior to V14.0.0.1, update to version V14.0.0.1 or later. As a temporary workaround, consider restricting the use of the Tiff Loader.dll until a patch is available. Avoid opening specially crafted TIFF files to minimize the risk of exploitation.