https://bugzilla.redhat.com/show_bug.cgi?id=2064174
Bug ID: 2064174
Summary: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: mrehak@redhat.com
CC: mhroncok@redhat.com, perl-devel@lists.fedoraproject.org
Target Milestone: ---
Classification: Other
An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
Reference:
https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw
Marian Rehak mrehak@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |2064175
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2064175 [Bug 2064175] CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure [fedora-all]
--- Comment #1 from Marian Rehak mrehak@redhat.com ---
Created slic3r tracking bugs for this issue:
Affects: fedora-all [bug 2064175]
--- Comment #2 from Product Security DevOps Team prodsec-dev@redhat.com ---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Resolution  |---     |UPSTREAM
Status      |NEW     |CLOSED
Last Closed |        |2022-03-15 13:02:23
Bug 2064174 depends on bug 2064175, which changed state.
Bug 2064175 Summary: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2064175
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |EOL