Description
The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References (2)
Core 2
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07
Scores
CVSS v3
7.8
EPSS
0.0008
EPSS Percentile
23.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (3)
siemens/jt2go
< 13.2.0.7
siemens/teamcenter_visualization
13.3.0
siemens/teamcenter_visualization
13.1.0 - 13.1.0.8
Published
Nov 21, 2023
Tracked Since
Feb 18, 2026