CVE-2023-39182

Name of the Vulnerable Software and Affected Versions Solid Edge SE2023 versions prior to V223.0 Update 7

Description A vulnerability has been identified in the affected applications, which contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. The issue is related to a buffer overflow in memory, which can be exploited using specially formed DFT files, potentially allowing an attacker to execute arbitrary code.

Recommendations For versions prior to V223.0 Update 7, update to V223.0 Update 7 or later to resolve the issue. As a temporary workaround, consider restricting the use of DFT files or disabling the parsing of such files until a patch is applied. Avoid using specially crafted DFT files in the affected applications until the issue is resolved.