CVE-2022-36788

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libslic3r version 1.3.0 libslic3r Master Commit b1a5500

Description A heap-based buffer overflow issue exists in the TriangleMesh clone functionality. This can be triggered by a specially-crafted STL file, leading to a heap buffer overflow. An attacker can exploit this by providing a malicious file.

Recommendations For libslic3r version 1.3.0, consider disabling the TriangleMesh clone functionality until a patch is available. For libslic3r Master Commit b1a5500, restrict the use of the TriangleMesh clone functionality to minimize the risk of exploitation. Avoid using malicious STL files in the affected functionality until the issue is resolved.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-130CWE-787

Related Identifiers

CVE-2022-36788

Affected Products

Debian

Libslic3R

CVE-2022-36788

Weakness Enumeration

Related Identifiers

Affected Products

References · 11