CVE-2022-38072

Summary

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
ADMeshADMeshMaster Commit 767a105affected
ADMeshADMeshv0.98.4affected
ADMeshADMeshMaster Commit 767a105affected
ADMeshADMeshv0.98.4affected
ADMeshADMeshMaster Commit 767a105affected
ADMeshADMeshv0.98.4affected
Slic3rlibslic3rMaster Commit b1a5500affected

Weaknesses

  • CWE-118: CWE-118: Incorrect Access of Indexable Resource ('Range Error')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References