CVSS score: 7.8
CWE: 121, 787, 119

CVE-2023-1709: Datalogics Library APDFL Stack-based Buffer Overflow

First published: Wed Jun 07 2023

Datalogics Library APDFL v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.

Credit: ics-cert@hq.dhs.gov

Affected Software | Affected Version
Siemens JT2Go | <14.2.0.2
Siemens Teamcenter Visualization | >=13.2.0, <13.2.0.13
Siemens Teamcenter Visualization | >=13.3.0, <13.3.0.9
Siemens Teamcenter Visualization | >=14.0, <14.0.0.5
Siemens Teamcenter Visualization | >=14.1, <14.1.0.7
Siemens Teamcenter Visualization | >=14.2, <14.2.0.2

Siemens JT2Go: all versions prior to V14.2.0.2
Siemens Teamcenter Visualization V13.2: all versions prior to V13.2.0.13
Siemens Teamcenter Visualization V13.3: all versions prior to V13.3.0.9
Siemens Teamcenter Visualization V14.0: all versions prior to V14.0.0.5
Siemens Teamcenter Visualization V14.1: all versions prior to V14.1.0.7
Siemens Teamcenter Visualization V14.2: all versions prior to V14.2.0.2
Datalogics Library APDFL v18.0.4PlusP1e and prior

Remedy

Siemens has released updates for the affected products and recommends updating to the latest versions:

  • JT2Go: Update to V14.2.0.2 or later version: https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html
  • Teamcenter Visualization V13.2: Update to V13.2.0.13 or later version: https://support.sw.siemens.com/
  • Teamcenter Visualization V13.3: Update to V13.3.0.9 or later version: https://support.sw.siemens.com/
  • Teamcenter Visualization V14.0: Update to V14.0.0.5 or later version: https://support.sw.siemens.com/
  • Teamcenter Visualization V14.1: Update to V14.1.0.7 or later version: https://support.sw.siemens.com/
  • Teamcenter Visualization V14.2: Update to V14.2.0.2 or later version: https://support.sw.siemens.com/


Frequently Asked Questions

  • What is CVE-2023-1709?

    CVE-2023-1709 is a vulnerability found in Datalogics Library APDFL versions v18.0.4PlusP1e and prior, which allows for a stack-based buffer overflow during the rendering process.

  • How does CVE-2023-1709 occur?

    CVE-2023-1709 occurs when documents containing corrupted fonts are processed by Datalogics Library APDFL, leading to a stack-based buffer overflow vulnerability.

  • What is the severity level of CVE-2023-1709?

    The severity level of CVE-2023-1709 is rated as high, with a CVSS score of 7.8.

  • Which software versions are affected by CVE-2023-1709?

    Siemens JT2Go versions up to 14.2.0.2 and Siemens Teamcenter Visualization versions 13.2.0.13 to 14.2.0.2 are affected by CVE-2023-1709.

  • How can I mitigate CVE-2023-1709?

    To mitigate CVE-2023-1709, it is recommended to update to a patched version of Datalogics Library APDFL that addresses the stack-based buffer overflow vulnerability.

© 2024 SecAlerts Pty Ltd.