Datalogics APDFL lib memory corruption in PDF parsing
CVE-2021-38405 Published on November 21, 2023
Siemens Solid Edge, JT2Go, and Teamcenter Visualization Improper Restriction of Operations within the Bounds of a Memory Buffer
The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Vulnerability Analysis
CVE-2021-38405 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2021-38405 has been classified to as a Buffer Overflow vulnerability or weakness.
Products Associated with CVE-2021-38405
stack.watch emails you whenever new vulnerabilities are published in Siemens Teamcenter Visualization or Siemens Jt2go. Just hit a watch button to start following.
Affected Versions
Siemens JT2Go:- Before 13.2.0.7 is affected.
- Version 12.4 and below 12.4.0.13 is affected.
- Version 13.1 and below 13.1.0.8 is affected.
- Version 13.2 and below 13.2.0.7 is affected.
- Version 13.3 and below 13.3.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.