CVE-2021-44961 — Missing Release of Memory after Effective Lifetime in Libslic3r

CWE-401 — Missing Release of Memory after Effective Lifetime4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 69.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Slic3r Libslic3r Debian Slic3r

Timeline

PublishedMar 1

Latest updateMar 2

Description

A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDslic3r/libslic3r1.3.0

▶debiandebian/slic3r

🔴Vulnerability Details

GHSA

GHSA-hmw9-9296-84q4: A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1↗2022-03-02

▶

OSV

CVE-2021-44961: A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1↗2022-03-01

▶

📋Vendor Advisories

Debian

CVE-2021-44961: slic3r - A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r...↗2021

▶