Improper Handling of Length Parameter Inconsistency

CVE-2022-36788

High

8.1/10

Summary

A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-130 - Improper Handling of Length Parameter Inconsistency

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

References

Advisory Timeline

Published Apr 20, 2023

Improper Handling of Length Parameter Inconsistency

CVE-2022-36788

Summary

CWE-130 - Improper Handling of Length Parameter Inconsistency

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS