Lucene search

K
cve[email protected]CVE-2022-29028
HistoryMay 20, 2022 - 1:15 p.m.

CVE-2022-29028

2022-05-2013:15:15
CWE-835
web.nvd.nist.gov
41
4
cve-2022-29028
jt2go
teamcenter visualization
tiff_loader.dll
vulnerability
infinite loop
denial of service
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Affected configurations

NVD
Node
siemensjt2goRange<13.3.0.3
OR
siemensteamcenter_visualizationRange13.313.3.0.3
OR
siemensteamcenter_visualizationRange14.014.0.0.1

CNA Affected

[
  {
    "product": "JT2Go",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.3.0.3"
      }
    ]
  },
  {
    "product": "Teamcenter Visualization V13.3",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.3.0.3"
      }
    ]
  },
  {
    "product": "Teamcenter Visualization V14.0",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V14.0.0.1"
      }
    ]
  }
]

Social References

More

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

Related for CVE-2022-29028