An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted XML file.
The PSKERNEL.DLL library in the affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process.
The PSKERNEL.DLL library lacks proper validation while parsing user supplied OBJ files that could cause an out-of-bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process.
Refer to CISA advisory for the complete list of affected products and their respective patches at