Slic3R Libslic3R vulnerabilities

CVE-2022-36788 [HIGH] CWE-130 CVE-2022-36788: A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-38072 [HIGH] CWE-118 CVE-2022-38072: An improper array index validation vulnerability exists in the stl_fix_normal_directions functionali An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-44962 [MEDIUM] CWE-125 CVE-2021-44962: An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-44961 [MEDIUM] CWE-401 CVE-2021-44961: A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Co A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability.

CVE-2020-28590 [MEDIUM] CWE-20 CVE-2020-28590: An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionalit An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2020-28591 [MEDIUM] CWE-20 CVE-2020-28591: An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functional An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.