CVE-2022-41278

CWE-476 — NULL Pointer Dereference CWE-401 — Memory Leak CWE-131 CWE-416 — Use After Free CWE-567 CWE-843 CWE-923 CWE-705 CWE-415 CWE-120 — Classic Buffer Overflow CWE-68121 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 66.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

6

Siemens Jt2go Siemens Teamcenter Visualization Siemens Teamcenter Visualization V13.2 +3 more

Timeline

PublishedDec 13

Latest updateMay 1

Description

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application ca…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages7 packages

▶NVDsiemens/teamcenter_visualization13.2.0 — 13.2.0.12+3

▶CVEListV5siemens/teamcenter_visualization_v13.2All versions < V13.2.0.12

▶CVEListV5siemens/teamcenter_visualization_v13.3All versions < V13.3.0.8

▶CVEListV5siemens/teamcenter_visualization_v14.0All versions < V14.0.0.4

▶CVEListV5siemens/teamcenter_visualization_v14.1All versions < V14.1.0.6

🔴Vulnerability Details

2

GHSA

GHSA-q45p-5p7p-5wgv: A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13↗2022-12-13

▶

CVEList

CVE-2022-41278: A vulnerability has been identified in JT2Go (All versions < V14↗2022-12-13

▶

📋Vendor Advisories

18

Red Hat

kernel: net: sched: Fix use after free in red_enqueue()↗2025-05-01

▶

Red Hat

kernel: ipv4: Fix data-races around sysctl_fib_multipath_hash_fields.↗2025-02-26

▶

Red Hat

kernel: usbnet: fix memory leak in error case↗2025-02-26

▶

Red Hat

kernel: igb: Initialize mailbox message for VF reset↗2024-10-21

▶

Red Hat

kernel: Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c↗2022-11-18

▶