CVE-2022-3159

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15	Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/html/ssa-360681.html	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:jt2go::::::::

Information

Published : 2023-01-12 17:15

Updated : 2023-01-23 10:33

NVD link : CVE-2022-3159

Mitre link : CVE-2022-3159

JSON object : View

CWE

CWE-787

Out-of-bounds Write

Products Affected

siemens

jt2go
teamcenter_visualization

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", "name": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", "name": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-3159", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2023-01-13T01:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0"}, {"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "14.1.0.5", "versionStartIncluding": "14.1"}, {"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0.0"}, {"cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "14.1.0.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-23T18:33Z"}

7.8 /10