CVE-2021-34925: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability was discovered in Bentley View affecting JT file parsing functionality. The vulnerability (CVE-2021-34925) was disclosed on December 8, 2021, with a CVSS score of 7.8. The issue affects installations of Bentley View prior to version 10.16.02.* (ZDI Advisory, Bentley Advisory).

The vulnerability exists within the parsing of JT files. The specific flaw results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (ZDI Advisory).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. User interaction is required to exploit this vulnerability as the target must open a malicious file (ZDI Advisory).

Bentley has issued an update to address this vulnerability. Users are recommended to update to version 10.16.02.* or later of Bentley View. As a general best practice, it is also recommended to only open JT files coming from trusted sources (Bentley Advisory).