CVE-2022-41664

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*

Версия до 14.1.0.4 (исключая)

cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Версия от 13.3.0 (включая) до 13.3.0.7 (исключая)

cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.0.0.3 (исключая)

cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Версия от 14.1 (включая) до 14.1.0.4 (исключая)

EPSS

Процентиль: 21%

0.00066

Низкий

7.8 High

CVSS3

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-978q-8v4p-796v

CVSS3: 7.8

github

около 3 лет назад

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

EPSS

Процентиль: 21%

0.00066

Низкий

7.8 High

CVSS3

Дефекты

CWE-121

CWE-787