Hyperview Player
CVE-2022-2949
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.
AnalysisAI
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Technical ContextAI
This vulnerability is classified as Use of Uninitialized Resource (CWE-908), which allows attackers to access uninitialized memory causing crashes or information disclosure. Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. Affected products include: Altair Hyperview Player.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Initialize all variables, use compiler warnings for uninitialized access, use memory-safe languages.
More in Hyperview Player
View allAltair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerabilit
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability d
Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write
Same weakness CWE-908 – Use of Uninitialized Resource
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today