CVE-2023-49125

Name of the Vulnerable Software and Affected Versions Parasolid versions prior to V35.0.263 Parasolid versions prior to V35.1.252 Parasolid versions prior to V36.0.198 Solid Edge SE2023 versions prior to V223.0 Update 11 Solid Edge SE2024 versions prior to V224.0 Update 3

Description The issue is related to an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process by exploiting the vulnerability with specially crafted XT files.

Recommendations For Parasolid versions prior to V35.0.263, update to V35.0.263 or later. For Parasolid versions prior to V35.1.252, update to V35.1.252 or later. For Parasolid versions prior to V36.0.198, update to V36.0.198 or later. For Solid Edge SE2023 versions prior to V223.0 Update 11, update to V223.0 Update 11 or later. For Solid Edge SE2024 versions prior to V224.0 Update 3, update to V224.0 Update 3 or later. As a temporary workaround, consider avoiding the use of specially crafted XT files until a patch is available.