CVE-2024-23950

2024-05-2800:00:00

ubuntu.com

cve-2024-23950

array index validation

libigl v2.5.0

out-of-bounds write

readmsh function

mshloader

parse_element_field

binary.msh

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

39.1%

JSON

Multiple improper array index validation vulnerabilities exist in the
readMSH functionality of libigl v2.5.0. A specially crafted .msh file can
lead to an out-of-bounds write. An attacker can provide a malicious file to
trigger this vulnerability.This vulnerability concerns the
igl::MshLoader::parse_element_field function while handling an
binary.msh` file.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchslic3r-prusa< anyUNKNOWN
ubuntu20.04noarchslic3r-prusa< anyUNKNOWN
ubuntu22.04noarchslic3r-prusa< anyUNKNOWN
ubuntu24.04noarchslic3r-prusa< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	slic3r-prusa	< any	UNKNOWN
ubuntu	20.04	noarch	slic3r-prusa	< any	UNKNOWN
ubuntu	22.04	noarch	slic3r-prusa	< any	UNKNOWN
ubuntu	24.04	noarch	slic3r-prusa	< any	UNKNOWN