CVE-2022-3161

CWE-119 — Buffer Overflow CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 76.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Jt2go Siemens Teamcenter Visualization V13.3 Siemens Teamcenter Visualization V14.0 +2 more

Timeline

PublishedJan 13

Description

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5siemens/jt2go< 14.1.0.5

▶NVDsiemens/jt2go< 14.1.0.5

▶NVDsiemens/teamcenter_visualization13.3.0 — 13.3.0.8+2

▶CVEListV5siemens/teamcenter_visualization_v13.3< 13.3.0.8

▶CVEListV5siemens/teamcenter_visualization_v14.0< 14.0.0.4

🔴Vulnerability Details

CVEList

CVE-2022-3161: The APDFL↗2023-01-13

▶

GHSA

GHSA-h7rr-pq87-v2r8: The APDFL↗2023-01-13

▶

📋Vendor Advisories

CISA

Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability↗2021-11-03

▶