FBX File Parsing Out-Of-Bounds Read Vulnerability Affects Bentley View
CVE-2022-43656

3.3LOW

Key Information:

Vendor: Bentley
Status: View
Vendor: CVE Published:; 7 May 2024

What is CVE-2022-43656?

An information disclosure vulnerability exists in Bentley View due to improper handling of FBX file parsing. When a suitably crafted FBX file is opened, it can cause the software to read past the end of an allocated buffer. This flaw may enable remote attackers to reveal sensitive information from affected installations, although it necessitates user interaction to exploit. An attacker could leverage this vulnerability alongside other security issues to execute arbitrary code within the context of the current process.

Affected Version(s)

View 10.16.02.22

References

https://www.zerodayinitiative.com/advisories/ZDI-23-345/

x_research-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Oct 21, 2022