CVE-2021-34294: 
Siemens JT2Go vulnerability analysis and mitigation

A vulnerability has been identified in JT2Go (All versions < V13.2) and Teamcenter Visualization (All versions < V13.2). The vulnerability (CVE-2021-34294) was discovered in the Gif_loader.dll library which lacks proper validation of user-supplied data when parsing GIF files. This vulnerability was reported on March 16, 2021, and publicly disclosed on July 19, 2021 (ZDI Advisory).

The specific vulnerability exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the following vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. The vulnerability could potentially lead to unauthorized code execution if successfully exploited (ZDI Advisory).

The vulnerability has been fixed in JT2Go and Teamcenter Visualization version V13.2. Users are advised to upgrade to this version or later to mitigate the vulnerability (CVE Details).