Lucene search
K

31 matches found

OpenVAS
OpenVAS
added 2021/03/22 12:0 a.m.16 views

Fedora: Security Advisory for lib3mf (FEDORA-2021-bb1b7591c4)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS8.2AI score0.04339EPSS
Exploits1References2
NVD
NVD
added 2021/03/10 5:15 p.m.22 views

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS0.04339EPSS
Exploits1References7
OSV
OSV
added 2021/03/10 5:15 p.m.26 views

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS7AI score
Exploits0References7
UbuntuCve
UbuntuCve
added 2021/03/10 5:15 p.m.39 views

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS7.2AI score0.04339EPSS
Exploits1References3
Prion
Prion
added 2021/03/10 5:15 p.m.24 views

Design/Logic Flaw

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

6.8CVSS7.9AI score0.04339EPSS
Exploits1References7Affected Software3
OSV
OSV
added 2021/03/10 5:15 p.m.1 views

UBUNTU-CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS7.3AI score0.04339EPSS
Exploits1References4
Talos Blog
Talos Blog
added 2021/03/10 4:0 p.m.43 views

Vulnerability Spotlight: Use-after-free vulnerability in 3MF Consortium lib3mf

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. 3MF Consortium’s lib3mf library is vulnerable to a use-after-free vulnerability that could allow an adversary to execute remote code on the victim machine. The lib3mf library is an open-source implementation of the 3MF file...

1.7AI score
Exploits0
CVE
CVE
added 2021/03/10 12:0 a.m.92 views

CVE-2021-21772

CVE-2021-21772 describes a use-after-free in the NMR::COpcPackageReader::releaseZIP() path of 3MF Consortium’s lib3mf, version 2.0.0. A crafted 3MF file can lead to code execution. Affected products are lib3mf 2.0.0 and deployments using it (e.g., lib3mf-based apps). The root cause is improper me...

8.1CVSS7.9AI score0.04339EPSS
Exploits1References7Affected Software1
Talos
Talos
added 2021/03/10 12:0 a.m.26 views

3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability

Talos Vulnerability Report TALOS-2021-1226 3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP use-after-free vulnerability March 10, 2021 CVE Number CVE-2021-21772 SUMMARY A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf...

8.1CVSS8AI score0.04339EPSS
Exploits1
Cvelist
Cvelist
added 2021/03/10 12:0 a.m.38 views

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS8.3AI score0.04339EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2021/03/10 12:0 a.m.24 views

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS8.1AI score0.04339EPSS
Exploits1
Rows per page
Query Builder