SAP 3d Visual Enterprise Viewer

Due to lack of proper memory management, when a victim opens manipulated file received

CVE-2022-41211 7.8 - High - November 08, 2022

Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured.

Buffer Overflow

Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received

CVE-2022-41186 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41187 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received

CVE-2022-41188 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41202 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41201 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41200 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41199 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41198 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received

CVE-2022-41197 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41196 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41195 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received

CVE-2022-41194 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41193 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received

CVE-2022-41192 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41191 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41190 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible

CVE-2022-41189 7.8 - High - October 11, 2022

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Buffer Overflow

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received

CVE-2022-35171 5.5 - Medium - July 12, 2022

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below

Improper Input Validation

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received

CVE-2022-32243 5.5 - Medium - June 14, 2022

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received

CVE-2022-32242 5.5 - Medium - June 14, 2022

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received

CVE-2022-32241 5.5 - Medium - June 14, 2022

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received

CVE-2022-32240 5.5 - Medium - June 14, 2022

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received

CVE-2022-32239 5.5 - Medium - June 14, 2022

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received

CVE-2022-32238 5.5 - Medium - June 14, 2022

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received

CVE-2022-32237 5.5 - Medium - June 14, 2022

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received

CVE-2022-32236 5.5 - Medium - June 14, 2022

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received

CVE-2022-32235 5.5 - Medium - June 14, 2022

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received

CVE-2022-26109 6.5 - Medium - April 12, 2022

When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received

CVE-2022-26108 6.5 - Medium - April 12, 2022

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received

CVE-2022-26107 6.5 - Medium - April 12, 2022

When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received

CVE-2022-26106 6.5 - Medium - April 12, 2022

When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received

CVE-2022-27654 6.5 - Medium - April 12, 2022

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received

CVE-2022-27655 6.5 - Medium - April 12, 2022

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received

CVE-2022-22539 6.5 - Medium - February 09, 2022

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

Improper Input Validation

When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received

CVE-2022-22538 6.5 - Medium - February 09, 2022

When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

Improper Input Validation

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received

CVE-2022-22537 6.5 - Medium - February 09, 2022

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

When a user opens manipulated Jupiter Tessellation (.jt) file received

CVE-2021-42070 3.3 - Low - December 14, 2021

When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application

Improper Input Validation

When a user opens manipulated Tagged Image File Format (.tif) file received

CVE-2021-42069 3.3 - Low - December 14, 2021

When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application

Memory Corruption

When a user opens a manipulated GIF (.gif) file received

CVE-2021-42068 3.3 - Low - December 14, 2021

When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated files received

CVE-2021-38174 6.5 - Medium - September 14, 2021

When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow

CVE-2021-33680 6.5 - Medium - July 14, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application.

Classic Buffer Overflow

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write

CVE-2021-33681 6.5 - Medium - July 14, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.

Memory Corruption

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-27641 5.5 - Medium - June 09, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Improper Input Validation

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-27638 5.5 - Medium - June 09, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Improper Input Validation

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-27640 5.5 - Medium - June 09, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Improper Input Validation

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-33661 5.5 - Medium - June 09, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Improper Input Validation

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-33660 5.5 - Medium - June 09, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Improper Input Validation

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-33659 5.5 - Medium - June 09, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Improper Input Validation

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-27639 5.5 - Medium - June 09, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Improper Input Validation