CVE-2022-2069

Name of the Vulnerable Software and Affected Versions Siemens JT2Go versions prior to V13.3.0.5 Siemens Teamcenter Visualization versions prior to V14.0.0.2

Description The issue is related to the APDFL.dll library in Siemens JT2Go and Teamcenter Visualization, which contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. The exploitation of this issue may also lead to denial of service by opening a maliciously crafted PDF file.

Recommendations For Siemens JT2Go versions prior to V13.3.0.5, update to version V13.3.0.5 or later. For Siemens Teamcenter Visualization versions prior to V14.0.0.2, update to version V14.0.0.2 or later. As a temporary workaround, consider avoiding the use of the APDFL.dll library until a patch is available. Restrict access to the library to minimize the risk of exploitation. Avoid opening specially crafted PDF files in the affected software until the issue is resolved.