CVE-2023-38683

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to 14.2.0.5 Teamcenter Visualization V13.2 versions prior to 13.2.0.14 Teamcenter Visualization V14.1 versions prior to 14.1.0.10 Teamcenter Visualization V14.2 versions prior to 14.2.0.5

Description The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process. The vulnerability is related to a buffer overflow issue, which can be exploited by inserting a specially formed TIFF file, potentially allowing an attacker to execute arbitrary code.

Recommendations For JT2Go versions prior to 14.2.0.5, update to version 14.2.0.5 or later. For Teamcenter Visualization V13.2 versions prior to 13.2.0.14, update to version 13.2.0.14 or later. For Teamcenter Visualization V14.1 versions prior to 14.1.0.10, update to version 14.1.0.10 or later. For Teamcenter Visualization V14.2 versions prior to 14.2.0.5, update to version 14.2.0.5 or later. As a temporary workaround, consider restricting the use of TIFF files in the affected applications until a patch is available.