This SAP security note addresses improper input validation when the file formats listed below are opened in SAP 3D Visual Enterprise Viewer.
When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until the application is restarted.
The affected file formats and their associated CVE information are listed below.
Improper Input Validation
Reason and Prerequisites
Insufficient input validation when the above-mentioned file formats are opened in SAP 3D Visual Enterprise Viewer.
This issue is fixed in the patch listed in the “Support Packages & Patches” section below. Fixes for all 3 linked CVE-IDs are included in the same SP patch level.
The following file formats have been fixed with additional validation when they are opened in SAP 3D Visual Enterprise Viewer:
- Graphics Interchange Format (.gif, 2d.x3d)
- Jupiter Tessellation (.jt, DKReader.x3d)
- Tagged Image File Format (.tif, 2d.x3d)
SAP Note 3034457 provides release information about SAP 3D Visual Enterprise Viewer 9.0 FP12.
Available fix and Supported packages
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.