A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052)
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html | Exploit Third Party Advisory VDB Entry |
https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Oct 2022, 11:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html - Exploit, Third Party Advisory, VDB Entry |
02 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2021, 17:26
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 3.3 |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf - Vendor Advisory | |
CPE | cpe:2.3:a:siemens:jt_open_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:* |
14 Dec 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052) |
14 Dec 2021, 12:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-14 12:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-44444
Mitre link : CVE-2021-44444
CVE.ORG link : CVE-2021-44444
JSON object : View
Products Affected
siemens
- jt_utilities
- jt_open_toolkit
CWE
CWE-125
Out-of-bounds Read