CVE-2023-1709

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-1709
Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-629917.html Broken Link Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11 Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
History

14 Jun 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01 -
Summary The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.
CWE CWE-787 CWE-121

14 Jun 2023, 19:14

Type Values Removed Values Added
First Time Siemens jt2go
Siemens teamcenter Visualization
Siemens
CWE CWE-121 CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References (MISC) https://cert-portal.siemens.com/productcert/html/ssa-629917.html - (MISC) https://cert-portal.siemens.com/productcert/html/ssa-629917.html - Broken Link, Vendor Advisory
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11 - Third Party Advisory, US Government Resource
CPE cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

07 Jun 2023, 21:36

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-07 21:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-1709

Mitre link : CVE-2023-1709

CVE.ORG link : CVE-2023-1709

JSON object : View

Products Affected

siemens

  • teamcenter_visualization
  • jt2go
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write