Vulnerabilities > CVE-2022-2950 - Use of Uninitialized Resource vulnerability in Altair Hyperview Player 2021.1.0.27

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
altair
CWE-908

Summary

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.

Vulnerable Configurations

Part Description Count
Application
Altair
1

Common Weakness Enumeration (CWE)