CVE-2021-45847 — NULL Pointer Dereference in Slic3r

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 71.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Slic3r Debian Slic3r

Timeline

PublishedJan 25

Latest updateJan 26

Description

Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDslic3r/slic3r1.3.0

▶debiandebian/slic3r

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-mg95-x73r-76mg: Several missing input validations in the 3MF parser component of Slic3r libslic3r 1↗2022-01-26

▶

OSV

CVE-2021-45847: Several missing input validations in the 3MF parser component of Slic3r libslic3r 1↗2022-01-25

▶

📋Vendor Advisories

Debian

CVE-2021-45847: slic3r - Several missing input validations in the 3MF parser component of Slic3r libslic3...↗2021

▶