CVE-2024-26275

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V2312.0004 Parasolid V35.1 versions prior to V35.1.254 Parasolid V36.0 versions prior to V36.0.207 Parasolid V36.1 versions prior to V36.1.147 Teamcenter Visualization V14.2 versions prior to V14.2.0.12 Teamcenter Visualization V14.3 versions prior to V14.3.0.9 Teamcenter Visualization V2312 versions prior to V2312.0004

Description The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X T files. This could allow an attacker to execute code in the context of the current process. The issue is related to a buffer read overflow in memory, which can be exploited by an attacker using specially created X T files to execute arbitrary code.

Recommendations For JT2Go versions prior to V2312.0004, update to version V2312.0004 or later. For Parasolid V35.1 versions prior to V35.1.254, update to version V35.1.254 or later. For Parasolid V36.0 versions prior to V36.0.207, update to version V36.0.207 or later. For Parasolid V36.1 versions prior to V36.1.147, update to version V36.1.147 or later. For Teamcenter Visualization V14.2 versions prior to V14.2.0.12, update to version V14.2.0.12 or later. For Teamcenter Visualization V14.3 versions prior to V14.3.0.9, update to version V14.3.0.9 or later. For Teamcenter Visualization V2312 versions prior to V2312.0004, update to version V2312.0004 or later. As a temporary workaround, consider restricting the use of X T files until a patch is available.