Ubuntu 20.04 LTS : lib3mf vulnerability (USN-6216-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6216-1 advisory. It was discovered that lib3mf did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted 3MF file, a loca...

GLSA-202208-01 : 3MF Consortium lib3mf: Remote code execution

The remote host is affected by the vulnerability described in GLSA-202208-01 3MF Consortium lib3mf: Remote code execution - A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code...

Mageia: Security Advisory (MGASA-2021-0368)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated lib3mf packages fix security vulnerability

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability CVE-2021-21772. A new package 'act' is...

MGASA-2021-0368 Updated lib3mf packages fix security vulnerability

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability CVE-2021-21772. A new package 'act' is...

Fedora 33 : lib3mf (2021-b73f9c96ee)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-b73f9c96ee advisory. - A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted...

Fedora 32 : lib3mf (2021-6945629745)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6945629745 advisory. - A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted...

CVE-2021-21772

creationtimestamp| type| source ---|---|--- 2021-03-10 20:53:12+00:00| seen| https://t.me/cibsecurity/24713...

CVE-2021-21772

CVE-2021-21772 describes a use-after-free in the NMR::COpcPackageReader::releaseZIP() path of 3MF Consortium’s lib3mf, version 2.0.0. A crafted 3MF file can lead to code execution. Affected products are lib3mf 2.0.0 and deployments using it (e.g., lib3mf-based apps). The root cause is improper me...

3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability

Talos Vulnerability Report TALOS-2021-1226 3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP use-after-free vulnerability March 10, 2021 CVE Number CVE-2021-21772 SUMMARY A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf...