CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0496
https://notcve.org/view.php?id=CVE-2022-0496
A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). Se encontró una vulnerabilidad en Openscad, donde un dibujo en formato DXF con propiedades particulares (¡no necesariamente malformadas!) puede causar un acceso a memoria fuera de límites cuando se importa usando import() • https://bugzilla.redhat.com/show_bug.cgi?id=2050695 https://github.com/openscad/openscad/commit/00a4692989c4e2f191525f73f24ad8727bacdf41 https://github.com/openscad/openscad/commit/770e3234cbfe66edbc0333f796b46d36a74aa652 https://github.com/openscad/openscad/issues/4037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0497
https://notcve.org/view.php?id=CVE-2022-0497
A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. Se ha encontrado una vulnerabilidad en Openscad, donde un archivo .scad sin una nueva línea final podría causar una lectura fuera de límites durante el análisis de las anotaciones • https://bugzilla.redhat.com/show_bug.cgi?id=2050699 https://github.com/openscad/openscad/issues/4043 https://github.com/openscad/openscad/pull/4044 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28600
https://notcve.org/view.php?id=CVE-2020-28600
An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad import_stl.cc:import_stl() de Openscad openscad-2020.12-RC2. Un archivo STL especialmente diseñado puede conllevar a una ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2020-28599
https://notcve.org/view.php?id=CVE-2020-28599
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en la funcionalidad import_stl.cc:import_stl() de Openscad openscad-2020.12-RC2. Un archivo STL especialmente diseñado puede conllevar a una ejecución de código. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFXQZK6BAYARVVWBBXDKPVPN3N77PPDX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRHYUWXQ7QQIC6TXDYYLYFFF7B7L3EBD https://security.gentoo.org/glsa/202107-35 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1224 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •