CVE-2023-1709

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-1709
Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-629917.html Broken Link Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11 Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
History

14 Jun 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01 -
CWE CWE-787 CWE-121
Summary The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.

14 Jun 2023, 19:14

Type Values Removed Values Added
CWE CWE-121 CWE-787
CPE cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11 - Third Party Advisory, US Government Resource
References (MISC) https://cert-portal.siemens.com/productcert/html/ssa-629917.html - (MISC) https://cert-portal.siemens.com/productcert/html/ssa-629917.html - Broken Link, Vendor Advisory

07 Jun 2023, 21:36

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-07 21:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-1709

Mitre link : CVE-2023-1709

CVE.ORG link : CVE-2023-1709

JSON object : View

Products Affected

siemens

  • jt2go
  • teamcenter_visualization
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write