CVE-2022-38072
HIGH8.8EPSS 0.60%ADMesh improper array index validation
Published: 4/3/2023Modified: 4/28/2026
Description
An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Affected packages (2)
- Debian/admeshfrom 0
- PyPI/admeshfrom 0, < 0.98.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-38072
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-38072
- PATCHhttps://github.com/admesh/python-admesh
- WEBhttps://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/admesh/PYSEC-2023-263.yaml
- WEBhttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1594