Siemens Jt2go and Siemens Teamcenter Visualization Buffer Over Read Vulnerability (CNVD-2021-53357)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens AG, Germany. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. A buffer over-read vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2, which stems from the failure of the BMP_Loader.dll library to properly validate user-supplied data when parsing BMP files, and could be exploited to leak information in the context of the current process. The vulnerability can be exploited to leak information in the context of the current process.