PT-2022-3375 · Siemens · Jt2Go+1

Published

2022-04-11

Updated

2022-05-26

CVE-2022-29032

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V13.3.0.3 Teamcenter Visualization V13.3 versions prior to V13.3.0.3 Teamcenter Visualization V14.0 versions prior to V14.0.0.1

Description The issue is related to a double free vulnerability in the CGM NIST Loader.dll library when parsing CGM files. This can be exploited by an attacker using specially crafted CGM, TIFF, or TG4 files to execute arbitrary code in the context of the current process.

Recommendations For JT2Go versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.3, update to version V13.3.0.3 or later. For Teamcenter Visualization V14.0 versions prior to V14.0.0.1, update to version V14.0.0.1 or later.

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2022-04144

CVE-2022-29032

Affected Products

Jt2Go

Teamcenter Visualization

PT-2022-3375 · Siemens · Jt2Go+1

CVE-2022-29032

Weakness Enumeration

Related Identifiers

Affected Products

References · 6