CVE-2022-3160

Description

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Siemens / JT2Go0 – 14.1.0.5
Siemens / Teamcenter Visualization V13.30 – 13.3.0.8
Siemens / Teamcenter Visualization V14.00 – 14.0.0.4
Siemens / Teamcenter Visualization V14.10 – 14.1.0.5

References

VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15
MISChttps://cert-portal.siemens.com/productcert/html/ssa-360681.html
MISChttps://cert-portal.siemens.com/productcert/csaf/ssa-360681.json