CVE-2023-33123
https://notcve.org/view.php?id=CVE-2023-33123
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf • CWE-125: Out-of-bounds Read •
CVE-2023-33122
https://notcve.org/view.php?id=CVE-2023-33122
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information. • https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf • CWE-125: Out-of-bounds Read •
CVE-2023-33121
https://notcve.org/view.php?id=CVE-2023-33121
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf • CWE-476: NULL Pointer Dereference •
CVE-2023-1709 – Datalogics Library APDFL Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-1709
Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. • https://cert-portal.siemens.com/productcert/html/ssa-629917.html https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11 https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-3161
https://notcve.org/view.php?id=CVE-2022-3161
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. APDFL.dll contiene una vulnerabilidad de corrupción de memoria al analizar archivos PDF especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. • https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json https://cert-portal.siemens.com/productcert/html/ssa-360681.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •