CVE-2022-38072

MEDIUM6.5

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0

Published Apr 3, 2023

Modified 11 months ago

No fix available

Details

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

References

WEBhttps://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f WEBhttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1594 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2022-38072 WEBhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1594

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

LowA:L

6.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Weakness Type (CWE)

Other

CWE-118

Ecosystems

Timeline

PublishedApr 3, 2023

ModifiedFeb 11, 2025