Multiple vulnerabilities in Ansys SpaceClaim



Published: 2022-09-19
Risk High
Patch available NO
Number of vulnerabilities 19
CVE-ID CVE-2022-40654
CVE-2022-40636
CVE-2022-40637
CVE-2022-40638
CVE-2022-40639
CVE-2022-40640
CVE-2022-40641
CVE-2022-40642
CVE-2022-40643
CVE-2022-40644
CVE-2022-40645
CVE-2022-40646
CVE-2022-40647
CVE-2022-40648
CVE-2022-40649
CVE-2022-40650
CVE-2022-40651
CVE-2022-40652
CVE-2022-40653
CWE-ID CWE-787
CWE-416
CWE-824
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SpaceClaim
Client/Desktop applications / Virtualization software

Vendor ANSYS

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU67437

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40654

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_T files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1210/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds write

EUVDB-ID: #VU67455

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40636

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of JT files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1192/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Use-after-free

EUVDB-ID: #VU67454

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40637

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the parsing of JT files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1193/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Use-after-free

EUVDB-ID: #VU67453

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40638

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1194/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Use-after-free

EUVDB-ID: #VU67452

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40639

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the parsing of SKP files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1195/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Out-of-bounds write

EUVDB-ID: #VU67451

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40640

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1196/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds write

EUVDB-ID: #VU67450

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40641

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1197/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Access of Uninitialized Pointer

EUVDB-ID: #VU67449

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40642

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1198/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Access of Uninitialized Pointer

EUVDB-ID: #VU67448

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40643

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1199/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds write

EUVDB-ID: #VU67447

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40644

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1200/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Access of Uninitialized Pointer

EUVDB-ID: #VU67446

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40645

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1201/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Access of Uninitialized Pointer

EUVDB-ID: #VU67445

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40646

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1202/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds write

EUVDB-ID: #VU67444

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40647

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1203/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Out-of-bounds write

EUVDB-ID: #VU67443

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40648

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1204/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Access of Uninitialized Pointer

EUVDB-ID: #VU67442

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40649

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1205/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds write

EUVDB-ID: #VU67441

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40650

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1206/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds write

EUVDB-ID: #VU67440

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40651

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1207/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Out-of-bounds write

EUVDB-ID: #VU67439

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40652

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1208/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Out-of-bounds write

EUVDB-ID: #VU67438

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40653

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SpaceClaim: 2022 R1


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1209/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###