Vulnerability Details CVE-2022-38072
An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.5%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594
- https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1594
Products affected by CVE-2022-38072
-
cpe:2.3:a:admesh_project:admesh:0.98.4
-
cpe:2.3:a:admesh_project:admesh:2022-11-18
-
cpe:2.3:a:slic3r:libslic3r:b1a5500