CVE-2023-38071

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V14.3.0.1 Teamcenter Visualization V13.3 versions prior to V13.3.0.12 Teamcenter Visualization V14.0 versions Teamcenter Visualization V14.1 versions prior to V14.1.0.11 Teamcenter Visualization V14.2 versions prior to V14.2.0.6 Teamcenter Visualization V14.3 versions prior to V14.3.0.1 Tecnomatix Plant Simulation V2201 versions prior to V2201.0010 Tecnomatix Plant Simulation V2302 versions prior to V2302.0004

Description The issue is related to a heap-based buffer overflow in the affected applications when parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Recommendations For JT2Go versions prior to V14.3.0.1, update to version V14.3.0.1 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.12, update to version V13.3.0.12 or later. For Teamcenter Visualization V14.0, apply the recommended patch or update. For Teamcenter Visualization V14.1 versions prior to V14.1.0.11, update to version V14.1.0.11 or later. For Teamcenter Visualization V14.2 versions prior to V14.2.0.6, update to version V14.2.0.6 or later. For Teamcenter Visualization V14.3 versions prior to V14.3.0.1, update to version V14.3.0.1 or later. For Tecnomatix Plant Simulation V2201 versions prior to V2201.0010, update to version V2201.0010 or later. For Tecnomatix Plant Simulation V2302 versions prior to V2302.0004, update to version V2302.0004 or later. As a temporary workaround, consider restricting the use of WRL files in the affected applications until a patch is available.