CVE-2022-29030

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V13.3.0.3 Teamcenter Visualization V13.3 versions prior to V13.3.0.3 Teamcenter Visualization V14.0 versions prior to V14.0.0.1

Description A vulnerability has been identified in the Mono Loader.dll library, which is susceptible to an integer overflow condition when parsing specially crafted TG4 files. This issue can be exploited by an attacker to crash the application, resulting in a denial of service condition. The vulnerability can also be triggered by opening malicious files in CGM, TIFF, or TG4 formats.

Recommendations For JT2Go versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V14.0 versions prior to V14.0.0.1, update to version V14.0.0.1 or later. As a temporary workaround, consider restricting access to the Mono Loader.dll library until a patch is applied. Avoid opening untrusted files in CGM, TIFF, or TG4 formats to minimize the risk of exploitation.