CVE-2022-36788

2023-04-2016:15:07

CWE-787

CWE-130

talos

web.nvd.nist.gov

cve-2022-36788

slic3r

buffer overflow

vulnerability

stl file

nvd

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.9%

JSON

A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

slic3rlibslic3rMatch1.3.0

VendorProductVersionCPE
slic3rlibslic3r1.3.0cpe:2.3:a:slic3r:libslic3r:1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
slic3r	libslic3r	1.3.0	cpe:2.3:a:slic3r:libslic3r:1.3.0:::::::*

CNA Affected

[
  {
    "vendor": "Slic3r",
    "product": "libslic3r",
    "versions": [
      {
        "version": "1.3.0",
        "status": "affected"
      },
      {
        "version": "Master Commit b1a5500",
        "status": "affected"
      }
    ]
  }
]