CVE-2022-29029

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V13.3.0.3 Teamcenter Visualization V13.3 versions prior to V13.3.0.3 Teamcenter Visualization V14.0 versions prior to V14.0.0.1

Description A null pointer dereference vulnerability has been identified in the CGM NIST Loader.dll while parsing specially crafted CGM files. This issue can be exploited by an attacker to crash the application, causing a denial of service condition. The vulnerability can be triggered by specially crafted CGM, TIFF, or TG4 files.

Recommendations For JT2Go versions prior to V13.3.0.3, update to version V13.3.0.3 or later to resolve the issue. For Teamcenter Visualization V13.3 versions prior to V13.3.0.3, update to version V13.3.0.3 or later to resolve the issue. For Teamcenter Visualization V14.0 versions prior to V14.0.0.1, update to version V14.0.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CGM NIST Loader.dll to minimize the risk of exploitation. Avoid using the vulnerable library to parse CGM files until the issue is resolved.