First published: Mon Apr 03 2023
An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Admesh Project Admesh | =0.98.4 | |
Admesh Project Admesh | =2022-11-18 | |
Slic3r libslic3r | =b1a5500 | |
pip/admesh | <0.98.5 | 0.98.5 |
CVE-2022-38072 is an improper array index validation vulnerability in the stl_fix_normal_directions functionality of ADMesh.
CVE-2022-38072 has a severity rating of 8.8 (high).
The affected software includes ADMesh versions 0.98.4 and 2022-11-18, as well as Slic3r libslic3r version b1a5500.
An attacker can provide a specially-crafted stl file to trigger a heap buffer overflow.
More information about CVE-2022-38072 can be found in the GitHub commit and the Talos Intelligence vulnerability report: [GitHub](https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f), [Talos Intelligence](https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594)