QwikSec

Security Database

CVE

CWE

Training

CVE-2023-1709

Published: Jun 7, 2023

Modified: Jan 6, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.

Vendor	Product	Versions
Siemens	JT2Go	affected `0 - < 14.2.0.2`
Siemens	Teamcenter Visualization	affected `13.2 - < 13.2.0.13` affected `13.3 - < 13.3.0.9` affected `14.0 - < 14.0.0.5` affected `14.1 - < 14.1.0.7` affected `14.2 - < 14.2.0.2`
Datalogics	Library APDFL	affected `0 - <= v18.0.4PlusP1e`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11

https://cert-portal.siemens.com/productcert/html/ssa-629917.html

https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.