CVE-2022-3160 HIGH

CVE-2022-3160

Vendor Siemens

Product JT2Go

Weakness CWE-122

Published January 13, 2023

Last update January 16, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Key dates

02Disclosure timeline

January 13, 2023 CVE published

January 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3160 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/122.html

Related vulnerabilities

Identifiers

CVE CVE-2022-3160

CWE CWE-122

CVSS 7.8 / HIGH

Affected versions

Vendor Siemens

Product JT2Go

Affected < 14.1.0.5

Vendor Siemens

Product Teamcenter Visualization V13.3

Affected < 13.3.0.8

Vendor Siemens

Product Teamcenter Visualization V14.0

Affected < 14.0.0.4

Vendor Siemens

Product Teamcenter Visualization V14.1

Affected < 14.1.0.5

CVE-2022-3160

01Description

02Disclosure timeline

03References

04Related CVE