CVE-2022-38072: ADMesh improper array index validation
(updated )
An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
References
- github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f
- github.com/admesh/python-admesh
- github.com/advisories/GHSA-v5hv-4pw3-q6h9
- github.com/pypa/advisory-database/tree/main/vulns/admesh/PYSEC-2023-263.yaml
- nvd.nist.gov/vuln/detail/CVE-2022-38072
- talosintelligence.com/vulnerability_reports/TALOS-2022-1594
Detect and mitigate CVE-2022-38072 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →