27 matches found
CVE-2022-41211
The CVE-2022-41211 issue concerns SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, specifically in the parsing of DST files. Connected sources describe a Use-After-Free vulnerability in DST file parsing that can lead to Remote Code Execution. Exploitation typically requires us...
CVE-2022-41174
CVE-2022-41174 affects SAP 3D Visual Enterprise Author (version 9) and is caused by a lack of proper memory management that leads to a buffer overflow when opening manipulated Right Hemisphere Material (.rhm, rh.x3d) files from untrusted sources. This can cause the application to crash and become...
CVE-2022-41178
SAP 3D Visual Enterprise Author (version 9) is affected by a vulnerability in IGES parsing (.igs/.iges, CoreCadTranslator.exe) caused by improper memory management. The result is crashes and temporary unavailability of the application; some sources describe a potential for remote code execution v...
CVE-2022-39808
CVE-2022-39808 concerns SAP 3D Visual Enterprise Author v9. It stems from improper memory management while parsing Wavefront OBJ files (ObjTranslator.exe), allowing Remote Code Execution via a payload that triggers a stack-based overflow or reuse of a dangling pointer to overwritten memory space....
CVE-2022-41177
The CVE-2022-41177 issue affects SAP 3D Visual Enterprise Author (v9) where parsing of IGES/IGES-like files (.igs, .iges) can trigger memory corruption due to improper memory management. The vulnerability allows remote code execution when a victim opens a manipulated IGES file from untrusted sour...
CVE-2022-41183
SAP 3D Visual Enterprise Author (v9) contains a vulnerability in the CUR file parsing code leading to memory corruption. The ZDI advisory describes an out-of-bounds read in CUR parsing that can be triggered by opening a malicious CUR file, enabling remote code execution in the context of the affe...
CVE-2022-39804
CVE-2022-39804 affects SAP 3D Visual Enterprise Author (v9) via parsing of SLDPRT files, where CoreCadTranslator.exe may mishandle memory, enabling stack-based overflow or pointer reuse that can overwrite memory space. Connected advisories (ZDI-22-1539/1588) describe remote code execution with us...
CVE-2022-39805
SAP 3D Visual Enterprise Author (v9) is affected by a memory-management vulnerability in CGM handling via CgmTranslator.exe. The issue, described across multiple sources, allows remote code execution when a crafted CGM file from an untrusted source is opened, potentially via a stack-based overflo...
CVE-2022-41168
SAP 3D Visual Enterprise Author (v9) is affected by CVE-2022-41168 through its CATIA CATPart parsing. The underlying issue is improper memory management that can trigger remote code execution when processing a manipulated CATPart file from untrusted sources. The documented causes include a stack-...
CVE-2022-41171
SAP 3D Visual Enterprise Author, v9, is affected by a vulnerability in parsing CATIA4 MODEL files (.model) via CatiaTranslator.exe. The issue stems from improper memory management when handling manipulated MODEL data, potentially causing the application to crash or become temporarily unavailable;...
CVE-2022-41181
CVE-2022-41181 affects SAP 3D Visual Enterprise Author (v9); the issue stems from PDFPublishing.dll parsing, enabling an out-of-bounds condition in manipulated PDF files that can cause the application to crash or disclose information. ZDI documents remote information-disclosure exploitation requi...
CVE-2022-41175
CVE-2022-41175 affects SAP 3D Visual Enterprise Author v9, with the vulnerability occurring in EMF file parsing. The root cause is improper memory handling in EMF (.emf, emf.x3d) processing which can trigger Remote Code Execution when a crafted file causes a stack-based overflow or reuse of a dan...
CVE-2022-41166
CVE-2022-41166 concerns SAP 3D Visual Enterprise Author (version 9). The issue arises when handling manipulated Wavefront OBJ files (.obj) via ObjTranslator.exe, caused by improper memory management in the OBJ parsing logic. This can cause the application to crash and become temporarily unavailab...
CVE-2022-41173
SAP 3D Visual Enterprise Author v9 is affected by CVE-2022-41173 through improper memory management when parsing manipulated DXF files (AutoCAD/DXF via TeighaTranslator.exe). The issue can cause the application to crash, making it temporarily unavailable, and some connected advisories describe po...
CVE-2022-41167
SAP 3D Visual Enterprise Author (v9) contains a DWG file parsing vulnerability in TeighaTranslator.exe that can lead to Remote Code Execution. The issue stems from parsing DWG data and can be triggered by crafted files, with two related variants described as use-after-free and buffer/stack overfl...
CVE-2022-41182
SAP 3D Visual Enterprise Author (v9) is affected by a memory-management issue in parsing Parasolid X_B files, particularly in CoreCadTranslator.exe, which can cause the application to crash and become temporarily unavailable (local issue). Some connected advisories also describe related informati...
CVE-2022-39806
Summary of CVE-2022-39806 : The vulnerability affects SAP 3D Visual Enterprise Author (version 9) and specifically the parsing/handling of SolidWorks Drawing files (.slddrw) via CoreCadTranslator.exe. Root cause: improper memory management leading to a stack-based overflow or reuse of a dangling ...
CVE-2022-39807
CVE-2022-39807 affects SAP 3D Visual Enterprise Author v9. The vulnerability is a memory-management/ buffer-overflow issue in parsing SolidWorks Drawing (.sldasm) files via CoreCadTranslator.exe, potentially crashing the app and rendering it unavailable until restart. Impact is Availability (High...
CVE-2022-41172
CVE-2022-41172 affects SAP 3D Visual Enterprise Author (v9) and relates to the DXF file parsing code. The issue stems from improper memory management during parsing of DXF payloads (e.g., AutoCAD .dxf with TeighaTranslator.exe), potentially allowing Remote Code Execution via a stack-based overflo...
CVE-2022-41185
CVE-2022-41185 affects SAP 3D Visual Enterprise Author v9. A memory management vulnerability allows remote code execution when a manipulated Visual Design Stream (.vds) file containing MataiPersistence.dll is opened from untrusted sources. The issue arises from a stack-based overflow or reuse of ...
CVE-2022-41169
CVE-2022-41169 affects SAP 3D Visual Enterprise Author v9. The vulnerability stems from improper memory management while parsing CATIA5 Part files (.catpart) via CatiaTranslator.exe, allowing a crash and temporary unavailability of the application when opening manipulated files from untrusted sou...
CVE-2022-41170
SAP 3D Visual Enterprise Author is affected by CVE-2022-41170 via the parsing of MODEL files in CATIA4 Part (.model, CatiaTranslator.exe). The vulnerability is described as a write past end of an allocated buffer (out-of-bounds write) in the MODEL parser, which can lead to remote code execution. ...
CVE-2022-41179
SAP 3D Visual Enterprise Author (v9) is affected by CVE-2022-41179 due to a parsing flaw in JT files (.jt, JtTranslator.exe). The issue can trigger remote code execution via a crafted JT payload that causes a write past the end of an allocated buffer (out-of-bounds write) or a reuse of a dangling...
CVE-2022-39803
CVE-2022-39803 concerns SAP 3D Visual Enterprise Author. The issue is in the parsing of SAT files (e.g., CoreCadTranslator.exe) and is tied to improper validation leading to memory corruption, including stack-based/heap-based write conditions. Descriptions from ZDI advisories indicate that crafte...
CVE-2022-41184
CVE-2022-41184 affects SAP 3D Visual Enterprise Author v9, where parsing manipulated Windows Cursor Files (.cur, ico.x3d) can trigger a stack-based overflow or use-after-free of a dangling pointer, enabling Remote Code Execution after user opens the crafted file. Exploitation requires user intera...
CVE-2022-41176
SAP 3D Visual Enterprise Author (v9) is affected. The issue arises from improper memory management while parsing Enhanced Metafile (EMF/emf.x3d) files from untrusted sources, causing crashes and temporary unavailability (DoS). ZDI advisories also describe that crafted EMF data can lead to remote ...
CVE-2022-41180
CVE-2022-41180 concerns SAP 3D Visual Enterprise Author. Multiple connected sources (ZDI advisories) confirm a vulnerability in the PDF parsing of PDFPublishing.dll that causes an out-of-bounds write when processing crafted PDF data. The underlying issue is a parsing/memory-management flaw in the...