CVE-2022-32242: 
SAP 3D Visual Enterprise Viewer vulnerability analysis and mitigation

A vulnerability (CVE-2022-32242) was identified in SAP 3D Visual Enterprise Viewer affecting versions up to and including 9.0. The vulnerability is related to the handling of Radiance Picture (.hdr, hdr.x3d) files, where opening manipulated files from untrusted sources can cause the application to crash (NVD, CVE).

The vulnerability stems from improper input validation (CWE-20) when parsing HDR files. The specific flaw exists due to the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. The vulnerability has received a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD, ZDI).

When successfully exploited, this vulnerability can cause the application to crash and become temporarily unavailable to the user until the application is restarted. According to Zero Day Initiative's analysis, attackers could potentially execute arbitrary code in the context of the current process (ZDI).

SAP has released security updates to address this vulnerability. Users are advised to apply the available patches as detailed in the SAP security advisory (SAP Advisory).