4 matches found
CVE-2020-28599
OpenSCAD vulnerability CVE-2020-28599 exists in openscad-2020.12-RC2 due to a stack-based overflow in import_stl.cpp when parsing STL files; a crafted STL can lead to code execution. Publicly documented impact and patches indicate upgrading to OpenSCAD 2021.01 or newer (e.g., as per GLSA/Mageia a...
CVE-2020-28600
The CVE-2020-28600 entry concerns OpenSCAD (openscad-2020.12-RC2) with an out-of-bounds write in import_stl():import_stl() that allows code execution via a specially crafted STL file. The vulnerability impacts the STL import path and is referenced in multiple advisories (openSUSE/OpenSCAD securit...
CVE-2022-0496
CVE-2022-0496 is a vulnerability in OpenSCAD related to the DXF loader. ADXF-format drawing with certain (not necessarily malformed) properties may trigger an out-of-bounds memory access when imported via import(). The issue is tied to OpenSCAD’s DXF parsing path and has been addressed by fixes i...
CVE-2022-0497
OpenSCAD is affected by CVE-2022-0497. The vulnerability is an out-of-bounds read during parsing of annotations in a .scad file that ends without a trailing newline. The root cause is in the comment/annotation parsing path. The CVSSv3.1 score is 7.1 (HIGH) with LOCAL attack vector, LOW attack com...