How severe is CVE-2022-40636?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2022-40636?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2022-40636 - HIGH Severity | CVSS 7

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044.

Related Vulnerabilities

CVE-2017-11600

HIGH

CVSS:7.0(High)

net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local ...

CWE-1252017

CVE-2018-16667

HIGH

CVSS:7.0(High)

An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersect...

CWE-1252018

CVE-2018-6969

HIGH

CVSS:7.0(High)

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to esc...

CWE-1252018

CVE-2020-11179

HIGH

CVSS:7.0(High)

Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon C...

CWE-1252020

CVE-2020-6061

HIGH

CVSS:7.0(High)

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other mis...

CWE-1252020

CVE-2022-41745

HIGH

CVSS:7.0(High)

An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lea...

CWE-1252022