CVE-2024-41902

A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-626178.html Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*

History

23 Oct 2024, 14:16

Type Values Removed Values Added
First Time Siemens jt2go
Siemens
CPE cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
CWE CWE-787
References () https://cert-portal.siemens.com/productcert/html/ssa-626178.html - () https://cert-portal.siemens.com/productcert/html/ssa-626178.html - Mitigation, Vendor Advisory

10 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V2406.0003). La aplicación afectada contiene una vulnerabilidad de desbordamiento de búfer basada en pila que podría activarse al analizar archivos PDF especialmente manipulados. Esto podría permitir que un atacante ejecute código en el contexto del proceso actual.

08 Oct 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-08 09:15

Updated : 2024-10-23 14:16


NVD link : CVE-2024-41902

Mitre link : CVE-2024-41902

CVE.ORG link : CVE-2024-41902


JSON object : View

Products Affected

siemens

  • jt2go
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow