CVE-2023-38683
published 2023-08-08CVE-2023-38683: A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | jt2go | < 14.2.0.5 | 14.2.0.5 |
| siemens | jt2go | — | — |
| siemens | teamcenter_visualization | >= 14.1 < 14.1.0.10 | 14.1.0.10 |
| siemens | teamcenter_visualization | >= 14.2 < 14.2.0.5 | 14.2.0.5 |
| siemens | teamcenter_visualization_v13.2 | — | — |
| siemens | teamcenter_visualization_v14.1 | — | — |
| siemens | teamcenter_visualization_v14.2 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH