Headline
CVE-2021-44444
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). The JTTK library in affected products is vulnerable to an out-of-bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052)