OpenSCAD is vulnerable to out-of-bounds access. The vulnerability exists in the ADD_LINE function in dxfdata.cc, where missing validation in DXF import allows an attacker to cause out-of-bounds writes.
CPE Name | Operator | Version
---|---|---
openscad:sid | eq | 2021.01-2
openscad:sid | eq | 2019.05-3+b1
bugzilla.redhat.com/show_bug.cgi?id=2050695
github.com/openscad/openscad/commit/00a4692989c4e2f191525f73f24ad8727bacdf41
github.com/openscad/openscad/commit/52ce0f7ad1a7675cd6388308ef8d4ef241fbb2b8
github.com/openscad/openscad/commit/770e3234cbfe66edbc0333f796b46d36a74aa652
github.com/openscad/openscad/issues/4037
github.com/openscad/openscad/pull/4090
security-tracker.debian.org/tracker/CVE-2022-0496