CVE-2022-22539: 
SAP 3D Visual Enterprise Viewer vulnerability analysis and mitigation

CVE-2022-22539 affects SAP 3D Visual Enterprise Viewer version 9.0. The vulnerability was discovered and disclosed in February 2022, where a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources can cause the application to crash and become temporarily unavailable until restart (NVD).

The vulnerability is classified as an Out-Of-Bounds Write issue with a CVSS v3.1 base score of 7.8 (High), with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of JPG images, where crafted data in a JPG image can trigger a write past the end of an allocated buffer. The vulnerability is categorized under CWE-20 (Improper Input Validation) (ZDI, NVD).

An attacker can leverage this vulnerability to execute code in the context of the current process. When successfully exploited, the application crashes and becomes temporarily unavailable to the user until the application is restarted (ZDI).

SAP has issued an update to correct this vulnerability. Users are recommended to apply the security patches provided by SAP (ZDI).