SB2022071906 - Multiple vulnerabilities in Bentley MicroStation and Bentley View
Published: July 19, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-35900)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JP2 files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
2) Out-of-bounds read (CVE-ID: CVE-2022-35906)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing DGN files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
3) Out-of-bounds read (CVE-ID: CVE-2022-35905)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing FBX files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2022-35904)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing IFC files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds read (CVE-ID: CVE-2022-35903)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing 3DS files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
6) Out-of-bounds read (CVE-ID: CVE-2022-35902)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing OBJ files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
7) Out-of-bounds read (CVE-ID: CVE-2022-35901)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing J2K files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0015
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0011
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0012
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0013
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0010
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0016
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0014