Lucene search

SiemensCVELIST:CVE-2021-34332

HistoryJul 13, 2021 - 11:03 a.m.

CVE-2021-34332

2021-07-1311:03:48

CWE-835

siemens

www.cve.org

vulnerability

input validation

bmp_loader.dll

jt2go

teamcenter visualization

denial of service

infinite loop

excessive resources

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)

CNA Affected

[
  {
    "product": "JT2Go",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.2"
      }
    ]
  },
  {
    "product": "Teamcenter Visualization",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.2"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf