CVE-2024-23951

2024-05-2814:15:11

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-23951

array index validation

readmsh functionality

libigl

out-of-bounds write

malicious file

mshloader

parse_element_field

ascii.msh

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the igl::MshLoader::parse_element_field function while handling an ascii.msh` file.

OSVersionArchitecturePackageVersionFilename
Debian12allslic3r-prusa<= 2.5.0+dfsg-4slic3r-prusa_2.5.0+dfsg-4_all.deb
Debian11allslic3r-prusa<= 2.3.0+dfsg-1slic3r-prusa_2.3.0+dfsg-1_all.deb
Debian10allslic3r-prusa<= 1.39.2+dfsg-1slic3r-prusa_1.39.2+dfsg-1_all.deb
Debian999allslic3r-prusa<= 2.7.5~rc1+dfsg-1slic3r-prusa_2.7.5~rc1+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	slic3r-prusa	<= 2.5.0+dfsg-4	slic3r-prusa_2.5.0+dfsg-4_all.deb
Debian	11	all	slic3r-prusa	<= 2.3.0+dfsg-1	slic3r-prusa_2.3.0+dfsg-1_all.deb
Debian	10	all	slic3r-prusa	<= 1.39.2+dfsg-1	slic3r-prusa_1.39.2+dfsg-1_all.deb
Debian	999	all	slic3r-prusa	<= 2.7.5~rc1+dfsg-1	slic3r-prusa_2.7.5~rc1+dfsg-1_all.deb