SB2022091910 - Multiple vulnerabilities in Ansys SpaceClaim
Published: September 19, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2022-40654)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_T files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2022-40636)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of JT files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
3) Use-after-free (CVE-ID: CVE-2022-40637)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the parsing of JT files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Use-after-free (CVE-ID: CVE-2022-40638)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Use-after-free (CVE-ID: CVE-2022-40639)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the parsing of SKP files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
6) Out-of-bounds write (CVE-ID: CVE-2022-40640)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
7) Out-of-bounds write (CVE-ID: CVE-2022-40641)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
8) Access of Uninitialized Pointer (CVE-ID: CVE-2022-40642)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
9) Access of Uninitialized Pointer (CVE-ID: CVE-2022-40643)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
10) Out-of-bounds write (CVE-ID: CVE-2022-40644)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
11) Access of Uninitialized Pointer (CVE-ID: CVE-2022-40645)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
12) Access of Uninitialized Pointer (CVE-ID: CVE-2022-40646)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
13) Out-of-bounds write (CVE-ID: CVE-2022-40647)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
14) Out-of-bounds write (CVE-ID: CVE-2022-40648)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
15) Access of Uninitialized Pointer (CVE-ID: CVE-2022-40649)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized pointer access within the parsing of X_B files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
16) Out-of-bounds write (CVE-ID: CVE-2022-40650)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
17) Out-of-bounds write (CVE-ID: CVE-2022-40651)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
18) Out-of-bounds write (CVE-ID: CVE-2022-40652)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
19) Out-of-bounds write (CVE-ID: CVE-2022-40653)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of X_B files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.zerodayinitiative.com/advisories/ZDI-22-1210/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1192/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1193/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1194/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1195/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1196/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1197/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1198/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1199/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1200/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1201/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1202/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1203/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1204/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1205/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1206/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1207/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1208/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1209/