Vulnerabilities > CVE-2022-2949 - Use of Uninitialized Resource vulnerability in Altair Hyperview Player 2021.1.0.27

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

altair

CWE-908

NVD

Published: 2022-12-13

Updated: 2023-11-07

Summary

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.

Vulnerable Configurations

Part	Description	Count
Application	Altair Altair Hyperview Player 2021.1.0.27	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01