First published: Wed Jun 07 2023
Datalogics Library APDFL v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens JT2Go | <14.2.0.2 | |
Siemens Teamcenter Visualization | >=13.2.0 <13.2.0.13 | |
Siemens Teamcenter Visualization | >=13.3.0 <13.3.0.9 | |
Siemens Teamcenter Visualization | >=14.0 <14.0.0.5 | |
Siemens Teamcenter Visualization | >=14.1 <14.1.0.7 | |
Siemens Teamcenter Visualization | >=14.2 <14.2.0.2 | |
Siemens JT2Go | all versions prior to V14.2.0.2 | |
Siemens Teamcenter Visualization V13.2 | all versions prior to V13.2.0.13 | |
Siemens Teamcenter Visualization V13.3 | all versions prior to V13.3.0.9 | |
Siemens Teamcenter Visualization V14.0 | all versions prior to V14.0.0.5 | |
Siemens Teamcenter Visualization V14.1 | all versions prior to V14.1.0.7 | |
Siemens Teamcenter Visualization V14.2 | all versions prior to V14.2.0.2 | |
Datalogics Library APDFL | v18.0.4PlusP1e and prior | |

Siemens has released updates for the affected products and recommends updating to the latest versions:

* JT2Go: Update to V14.2.0.2 or later version: https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html
* Teamcenter Visualization V13.2: Update to V13.2.0.13 or later version: https://support.sw.siemens.com/
* Teamcenter Visualization V13.3: Update to V13.3.0.9 or later version: https://support.sw.siemens.com/
* Teamcenter Visualization V14.0: Update to V14.0.0.5 or later version: https://support.sw.siemens.com/
* Teamcenter Visualization V14.1: Update to V14.1.0.7 or later version: https://support.sw.siemens.com/
* Teamcenter Visualization V14.2: Update to V14.2.0.2 or later version: https://support.sw.siemens.com/

CVE-2023-1709 is a vulnerability found in Datalogics Library APDFL versions v18.0.4PlusP1e and prior, which allows for a stack-based buffer overflow during the rendering process.
CVE-2023-1709 occurs when documents containing corrupted fonts are processed by Datalogics Library APDFL, leading to a stack-based buffer overflow vulnerability.
The severity level of CVE-2023-1709 is rated as high, with a CVSS score of 7.8.
Siemens JT2Go versions prior to 14.2.0.2 and Siemens Teamcenter Visualization V13.2 through V14.2 versions prior to their fixed releases (13.2.0.13 through 14.2.0.2, as listed in the table above) are affected by CVE-2023-1709.
To mitigate CVE-2023-1709, it is recommended to update to a patched version of Datalogics Library APDFL that addresses the stack-based buffer overflow vulnerability.