CVE-2022-29028Infinite Loop in Siemens Jt2go

CWE-835Infinite Loop3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 62.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Siemens Jt2goSiemens Teamcenter VisualizationSiemens Teamcenter Visualization V13.3+1 more
Timeline
PublishedMay 20
Latest updateMay 21

Description

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDsiemens/teamcenter_visualization13.313.3.0.3+1
CVEListV5siemens/teamcenter_visualization_v13.3All versions < V13.3.0.3
CVEListV5siemens/teamcenter_visualization_v14.0All versions < V14.0.0.1
NVDsiemens/jt2go< 13.3.0.3
CVEListV5siemens/jt2goAll versions < V13.3.0.3

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-6r93-m2cp-hhmf: A vulnerability has been identified in JT2Go (All versions < V132022-05-21
CVEList
CVE-2022-29028: A vulnerability has been identified in JT2Go (All versions < V132022-05-10
CVE-2022-29028 — Infinite Loop in Siemens Jt2go | cvebase