CVE-2023-33121

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to 14.2.0.3 Teamcenter Visualization V13.2 versions prior to 13.2.0.13 Teamcenter Visualization V13.3 versions prior to 13.3.0.10 Teamcenter Visualization V14.0 versions prior to 14.0.0.6 Teamcenter Visualization V14.1 versions prior to 14.1.0.8 Teamcenter Visualization V14.2 versions prior to 14.2.0.3

Description A null pointer dereference vulnerability has been identified in the affected applications while parsing specially crafted CGM files. This issue could allow an attacker to crash the application, causing a denial of service condition. The vulnerability is related to the parsing of CGM files, which can be exploited to disrupt the service.

Recommendations For JT2Go versions prior to 14.2.0.3, update to version 14.2.0.3 or later. For Teamcenter Visualization V13.2 versions prior to 13.2.0.13, update to version 13.2.0.13 or later. For Teamcenter Visualization V13.3 versions prior to 13.3.0.10, update to version 13.3.0.10 or later. For Teamcenter Visualization V14.0 versions prior to 14.0.0.6, update to version 14.0.0.6 or later. For Teamcenter Visualization V14.1 versions prior to 14.1.0.8, update to version 14.1.0.8 or later. For Teamcenter Visualization V14.2 versions prior to 14.2.0.3, update to version 14.2.0.3 or later. As a temporary workaround, consider restricting the use of CGM file parsing until a patch is available. Avoid using the affected applications to parse specially crafted CGM files until the issue is resolved.