Lucene search

[email protected]NVD:CVE-2022-36788

HistoryApr 20, 2023 - 4:15 p.m.

CVE-2022-36788

2023-04-2016:15:07

CWE-130

CWE-787

[email protected]

web.nvd.nist.gov

heap-based buffer

slic3r libslic3r

trianglemesh clone

stl file

vulnerability

attacker

malicious file

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.9%

JSON

A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Node

slic3rlibslic3rMatch1.3.0

VendorProductVersionCPE
slic3rlibslic3r1.3.0cpe:2.3:a:slic3r:libslic3r:1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
slic3r	libslic3r	1.3.0	cpe:2.3:a:slic3r:libslic3r:1.3.0:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1593

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.9%

JSON

Related for NVD:CVE-2022-36788

prion1 debiancve1 vulnrichment1 ubuntucve1 cvelist1 talos1 cve1