CVE-2022-29032: Double Free
First published: Fri May 20 2022(Updated: )
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens JT2Go | <13.3.0.3 | |
| Siemens Teamcenter Visualization | >=13.3<13.3.0.3 | |
| Siemens Teamcenter Visualization | >=14.0<14.0.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-29032?
The severity of CVE-2022-29032 is high with a severity value of 7.8.
What is the vulnerability in JT2Go and Teamcenter Visualization?
The vulnerability in JT2Go and Teamcenter Visualization is a double free vulnerability in the CGM_NIST_Loader.dll library while parsing specially crafted CGM files.
Which versions of JT2Go are affected by CVE-2022-29032?
All versions of JT2Go prior to V13.3.0.3 are affected.
Which versions of Teamcenter Visualization are affected by CVE-2022-29032?
Versions of Teamcenter Visualization prior to V13.3.0.3 and V14.0.0.1 are affected.
How can I fix the vulnerability in JT2Go and Teamcenter Visualization?
To fix the vulnerability in JT2Go and Teamcenter Visualization, it is recommended to upgrade to version V13.3.0.3 or higher for JT2Go, and version V14.0.0.1 or higher for Teamcenter Visualization.
- collector/nvd-index
- vendor/siemens
- canonical/siemens jt2go
- canonical/siemens teamcenter visualization
- version/siemens teamcenter visualization/13.3
- version/siemens teamcenter visualization/14.0