CVE-2022-41195

7.8 HIGH

Published: October 11, 2022 Modified: February 25, 2026

Description

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://launchpad.support.sap.com/#/notes/3245928

Source: cna@sap.com

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3245928

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.8 / 10.0

EPSS (Exploit Probability)

1.8%

82th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119 CWE-787 CWE-119 CWE-787

Affected Vendors

sap

Related CVEs

CVE-2026-4529 8.8

CVE-2026-3629 8.1

CVE-2026-4528 7.3

CVE-2026-2756 5.0

CVE-2019-25582 6.5