GLSA-202208-01 : 3MF Consortium lib3mf: Remote code execution

The remote host is affected by the vulnerability described in GLSA-202208-01 3MF Consortium lib3mf: Remote code execution - A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code...

3MF Consortium lib3mf: Remote code execution

Background lib3mf is an implementation of the 3D Manufacturing Format file standard. Description Incorrect memory handling within lib3mf could result in a use-after-free. Impact An attacker that can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code...

Fedora 32 : lib3mf (2021-6945629745)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6945629745 advisory. - A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted...

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

Vulnerability Spotlight: Use-after-free vulnerability in 3MF Consortium lib3mf

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. 3MF Consortium’s lib3mf library is vulnerable to a use-after-free vulnerability that could allow an adversary to execute remote code on the victim machine. The lib3mf library is an open-source implementation of the 3MF file...

3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability

Summary A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions 3MF Consortium...

CVE-2021-21772

CVE-2021-21772 describes a use-after-free in the NMR::COpcPackageReader::releaseZIP() path of 3MF Consortium’s lib3mf, version 2.0.0. A crafted 3MF file can lead to code execution. Affected products are lib3mf 2.0.0 and deployments using it (e.g., lib3mf-based apps). The root cause is improper me...

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...