Out-of-Bounds Access

2022-02-2012:23:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

24.1%

JSON

openscad is vulnerable to out-of-bounds access. The vulnerability exists in ADD_LINE function in dxfdata.cc due to missing validations in DXF import which allows an attacker to cause an out of bound writes.

CPENameOperatorVersion
openscad:sideq2021.01-2
openscad:sideq2019.05-3+b1
openscad:sideq2021.01-2
openscad:sideq2019.05-3+b1

Name	Operator	Version
openscad:sid	eq	2021.01-2
openscad:sid	eq	2019.05-3+b1
openscad:sid	eq	2021.01-2
openscad:sid	eq	2019.05-3+b1

References

bugzilla.redhat.com/show_bug.cgi?id=2050695

github.com/openscad/openscad/commit/00a4692989c4e2f191525f73f24ad8727bacdf41

github.com/openscad/openscad/commit/52ce0f7ad1a7675cd6388308ef8d4ef241fbb2b8

github.com/openscad/openscad/commit/770e3234cbfe66edbc0333f796b46d36a74aa652

github.com/openscad/openscad/issues/4037

github.com/openscad/openscad/pull/4090

security-tracker.debian.org/tracker/CVE-2022-0496

0.001 Low

EPSS

Percentile

24.1%

JSON

Related for VERACODE:34296