CVE-2022-3159

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGH
EPSS
0.2%
top 61.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Siemens Jt2goSiemens Teamcenter Visualization V13.3Siemens Teamcenter Visualization V14.0+2 more
Timeline
PublishedJan 13

Description

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5siemens/jt2go< 14.1.0.5
NVDsiemens/jt2go< 14.1.0.5
NVDsiemens/teamcenter_visualization13.3.013.3.0.8+2

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
CVEList
CVE-2022-3159: The APDFL2023-01-13
GHSA
GHSA-gf4p-9cqm-vwpj: The APDFL2023-01-13
CVE-2022-3159 (HIGH CVSS 7.8) | The APDFL.dll contains a stack-base | cvebase.io