An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f | Patch |
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594 | Exploit Technical Description Third Party Advisory |
Configurations
History
09 Apr 2023, 02:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:admesh_project:admesh:2022-11-18:*:*:*:*:*:*:* cpe:2.3:a:admesh_project:admesh:0.98.4:*:*:*:*:*:*:* cpe:2.3:a:slic3r:libslic3r:b1a5500:*:*:*:*:*:*:* |
|
First Time |
Admesh Project
Slic3r libslic3r Slic3r Admesh Project admesh |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594 - Exploit, Technical Description, Third Party Advisory | |
References | (MISC) https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f - Patch | |
CWE | CWE-129 |
03 Apr 2023, 17:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-03 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-38072
Mitre link : CVE-2022-38072
CVE.ORG link : CVE-2022-38072
JSON object : View
Products Affected
slic3r
- libslic3r
admesh_project
- admesh