[3dprinter-general] Bug#1074233: slic3r-prusa: CVE-2024-24686 CVE-2024-24685 CVE-2024-24684 CVE-2024-24584 CVE-2024-24583 CVE-2024-23951 CVE-2024-23950 CVE-2024-23949 CVE-2024-23948 CVE-2024-23947 CVE-2024-22181 CVE-2023-49600 CVE-2023-35953 CVE-2023-35952 CVE-2023-35951 CVE-2023-35950 CVE-2023-35949
Moritz Mühlenhoff
jmm at inutil.org
Mon Jun 24 22:34:53 BST 2024
Source: slic3r-prusa
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libigl, which slic3r-prusa
embeds a copy of.
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1930
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1879
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
https://github.com/libigl/libigl/issues/2387
CVE-2024-24686[0]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF functionality of libigl v2.5.0. A specially crafted .off
| file can lead to stack-based buffer overflow. An attacker can
| provide a malicious file to trigger this vulnerability. This
| vulnerability concerns the parsing of comments within the faces
| section of an `.off` file processed via the `readOFF` function.
CVE-2024-24685[1]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF functionality of libigl v2.5.0. A specially crafted .off
| file can lead to stack-based buffer overflow. An attacker can
| provide a malicious file to trigger this vulnerability. This
| vulnerability concerns the parsing of comments within the vertex
| section of an `.off` file processed via the `readOFF` function.
CVE-2024-24684[2]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF functionality of libigl v2.5.0. A specially crafted .off
| file can lead to stack-based buffer overflow. An attacker can
| provide a malicious file to trigger this vulnerability. This
| vulnerability concerns the header parsing occurring while processing
| an `.off` file via the `readOFF` function. We can see above
| that at [0] a stack-based buffer called `comment` is defined with a
| hardcoded size of `1000 bytes`. The call to `fscanf` at [1] is
| unsafe and if the first line of the header of the `.off` files is
| longer than 1000 bytes it will overflow the `header` buffer.
CVE-2024-24584[3]:
| Multiple out-of-bounds read vulnerabilities exist in the readMSH
| functionality of libigl v2.5.0. A specially crafted .msh file can
| lead to an out-of-bounds read. An attacker can provide a malicious
| file to trigger this vulnerability. This vulnerability concerns
| the `readMSH` function while processing `MshLoader::ELEMENT_TET`
| elements.
CVE-2024-24583[4]:
| Multiple out-of-bounds read vulnerabilities exist in the readMSH
| functionality of libigl v2.5.0. A specially crafted .msh file can
| lead to an out-of-bounds read. An attacker can provide a malicious
| file to trigger this vulnerability. This vulnerability concerns
| the `readMSH` function while processing `MshLoader::ELEMENT_TRI`
| elements.
CVE-2024-23951[5]:
| Multiple improper array index validation vulnerabilities exist in
| the readMSH functionality of libigl v2.5.0. A specially crafted .msh
| file can lead to an out-of-bounds write. An attacker can provide a
| malicious file to trigger this vulnerability. This vulnerability
| concerns the `igl::MshLoader::parse_element_field` function while
| handling an `ascii` `.msh` file.
CVE-2024-23950[6]:
| Multiple improper array index validation vulnerabilities exist in
| the readMSH functionality of libigl v2.5.0. A specially crafted .msh
| file can lead to an out-of-bounds write. An attacker can provide a
| malicious file to trigger this vulnerability. This vulnerability
| concerns the `igl::MshLoader::parse_element_field` function while
| handling a `binary` `.msh` file.
CVE-2024-23949[7]:
| Multiple improper array index validation vulnerabilities exist in
| the readMSH functionality of libigl v2.5.0. A specially crafted .msh
| file can lead to an out-of-bounds write. An attacker can provide a
| malicious file to trigger this vulnerability. This vulnerability
| concerns the `igl::MshLoader::parse_node_field` function while
| handling an `ascii` `.msh` file.
CVE-2024-23948[8]:
| Multiple improper array index validation vulnerabilities exist in
| the readMSH functionality of libigl v2.5.0. A specially crafted .msh
| file can lead to an out-of-bounds write. An attacker can provide a
| malicious file to trigger this vulnerability. This vulnerability
| concerns the `igl::MshLoader::parse_nodes` function while handling
| an `ascii` `.msh` file.
CVE-2024-23947[9]:
| Multiple improper array index validation vulnerabilities exist in
| the readMSH functionality of libigl v2.5.0. A specially crafted .msh
| file can lead to an out-of-bounds write. An attacker can provide a
| malicious file to trigger this vulnerability. This vulnerability
| concerns the `igl::MshLoader::parse_nodes` function while handling a
| `binary` `.msh` file.
CVE-2024-22181[10]:
| An out-of-bounds write vulnerability exists in the readNODE
| functionality of libigl v2.5.0. A specially crafted .node file can
| lead to an out-of-bounds write. An attacker can provide a malicious
| file to trigger this vulnerability.
CVE-2023-49600[11]:
| An out-of-bounds write vulnerability exists in the PlyFile
| ply_cast_ascii functionality of libigl v2.5.0. A specially crafted
| .ply file can lead to a heap buffer overflow. An attacker can
| provide a malicious file to trigger this vulnerability.
CVE-2023-35953[12]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off
| file can lead to a buffer overflow. An attacker can arbitrary code
| execution to trigger these vulnerabilities. This vulnerability exists
| within the code responsible for parsing comments within the
| geometric vertices section within an OFF file.
CVE-2023-35952[13]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off
| file can lead to a buffer overflow. An attacker can arbitrary code
| execution to trigger these vulnerabilities. This vulnerability exists
| within the code responsible for parsing comments within the
| geometric faces section within an OFF file.
CVE-2023-35951[14]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off
| file can lead to a buffer overflow. An attacker can arbitrary code
| execution to trigger these vulnerabilities. This vulnerability exists
| within the code responsible for parsing geometric vertices of an OFF
| file.
CVE-2023-35950[15]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off
| file can lead to a buffer overflow. An attacker can arbitrary code
| execution to trigger these vulnerabilities. This vulnerability exists
| within the code responsible for parsing the header of an OFF file.
CVE-2023-35949[16]:
| Multiple stack-based buffer overflow vulnerabilities exist in the
| readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off
| file can lead to a buffer overflow. An attacker can arbitrary code
| execution to trigger these vulnerabilities. This vulnerability exists
| within the code responsible for parsing geometric faces of an OFF
| file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-24686
https://www.cve.org/CVERecord?id=CVE-2024-24686
[1] https://security-tracker.debian.org/tracker/CVE-2024-24685
https://www.cve.org/CVERecord?id=CVE-2024-24685
[2] https://security-tracker.debian.org/tracker/CVE-2024-24684
https://www.cve.org/CVERecord?id=CVE-2024-24684
[3] https://security-tracker.debian.org/tracker/CVE-2024-24584
https://www.cve.org/CVERecord?id=CVE-2024-24584
[4] https://security-tracker.debian.org/tracker/CVE-2024-24583
https://www.cve.org/CVERecord?id=CVE-2024-24583
[5] https://security-tracker.debian.org/tracker/CVE-2024-23951
https://www.cve.org/CVERecord?id=CVE-2024-23951
[6] https://security-tracker.debian.org/tracker/CVE-2024-23950
https://www.cve.org/CVERecord?id=CVE-2024-23950
[7] https://security-tracker.debian.org/tracker/CVE-2024-23949
https://www.cve.org/CVERecord?id=CVE-2024-23949
[8] https://security-tracker.debian.org/tracker/CVE-2024-23948
https://www.cve.org/CVERecord?id=CVE-2024-23948
[9] https://security-tracker.debian.org/tracker/CVE-2024-23947
https://www.cve.org/CVERecord?id=CVE-2024-23947
[10] https://security-tracker.debian.org/tracker/CVE-2024-22181
https://www.cve.org/CVERecord?id=CVE-2024-22181
[11] https://security-tracker.debian.org/tracker/CVE-2023-49600
https://www.cve.org/CVERecord?id=CVE-2023-49600
[12] https://security-tracker.debian.org/tracker/CVE-2023-35953
https://www.cve.org/CVERecord?id=CVE-2023-35953
[13] https://security-tracker.debian.org/tracker/CVE-2023-35952
https://www.cve.org/CVERecord?id=CVE-2023-35952
[14] https://security-tracker.debian.org/tracker/CVE-2023-35951
https://www.cve.org/CVERecord?id=CVE-2023-35951
[15] https://security-tracker.debian.org/tracker/CVE-2023-35950
https://www.cve.org/CVERecord?id=CVE-2023-35950
[16] https://security-tracker.debian.org/tracker/CVE-2023-35949
https://www.cve.org/CVERecord?id=CVE-2023-35949
Please adjust the affected versions in the BTS as needed.
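
The bounded-read pattern that addresses the class of bug quoted for CVE-2024-24684 (an unbounded `fscanf` into a 1000-byte stack buffer), as an added example that is not part of the original message and is not libigl or slic3r-prusa code. `parse_off_header`, `check_off_header`, `SAMPLE_OK` and the return codes are hypothetical names; the layout assumed is a plain `OFF` keyword line, optional `#` comment lines, then the three counts.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define OFF_LINE_MAX 1000 /* same size as the stack buffer in the CVE text */
static const char SAMPLE_OK[] = "OFF\n# constructed sample\n3 1 0\n";

/* Read one line. 0 = ok, -1 = EOF, -2 = line longer than the buffer. */
static int read_line_bounded(FILE *f, char *buf, size_t n) {
    if (!fgets(buf, (int)n, f)) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return 0; }
    if (len + 1 < n) return 0;        /* short final line without '\n' */
    for (int c; (c = fgetc(f)) != EOF && c != '\n'; ) { }  /* drain rest */
    return -2;
}

/* Keyword line, optional '#' or blank lines, then "<nv> <nf> <ne>".
 * Returns 0 on success, a negative code when the input is rejected. */
int parse_off_header(FILE *f, long *nv, long *nf, long *ne) {
    char line[OFF_LINE_MAX], keyword[16], *p = line;
    long *out[3] = { nv, nf, ne };
    int rc = read_line_bounded(f, line, sizeof line);
    if (rc != 0) return rc;
    /* The %15s field width keeps sscanf inside keyword[16]. */
    if (sscanf(line, "%15s", keyword) != 1 || strcmp(keyword, "OFF") != 0) return -3;
    do {
        rc = read_line_bounded(f, line, sizeof line);
        if (rc != 0) return rc;
    } while (line[0] == '#' || line[0] == '\0');
    for (int i = 0; i < 3; i++) {     /* strtol reports overflow via ERANGE */
        char *end; errno = 0;
        *out[i] = strtol(p, &end, 10);
        if (end == p || errno == ERANGE || *out[i] < 0) return -4;
        p = end;
    }
    return 0;
}

/* Run the parser over an in-memory byte string (constructed input). */
int check_off_header(const char *data, size_t len, long *nv, long *nf, long *ne) {
    FILE *f = tmpfile();
    if (!f) return -100;
    if (fwrite(data, 1, len, f) != len) { fclose(f); return -100; }
    rewind(f);
    int rc = parse_off_header(f, nv, nf, ne);
    fclose(f);
    return rc;
}
```

A line that does not fit is reported as `-2` and the file is rejected rather than truncated and parsed further, so an overlong header or comment line never reaches the fixed-size buffers.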