Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 832054 (CVE-2021-44961, CVE-2021-44962, CVE-2021-45846, CVE-2021-45847)

Summary: media-gfx/slic3r: multiple vulnerabilities
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: trivial CC: 3dprint, perl
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [upstream]
Package list:
Runtime testing required: ---

Description filip ambroz 2022-01-25 16:19:04 UTC
[ URL: https://github.com/slic3r/Slic3r/issues/5117 ]
A crafted AMF XML document can cause a crash due to a NULL pointer dereference during parsing.
Affected version: 1.3.0
Impact: DoS

[ URL: https://github.com/slic3r/Slic3r/issues/5118 ]
A crafted 3MF XML document can cause a crash due to a NULL pointer dereference during parsing.
Affected version: 1.3.0
Impact: DoS

[ URL: https://github.com/slic3r/Slic3r/issues/5119 ]
A crafted 3MF XML document can cause a crash due to a NULL pointer dereference during parsing.
Affected version: 1.3.0
Impact: DoS

[ URL: https://github.com/slic3r/Slic3r/issues/5120 ]
A crafted 3MF XML document can cause a crash due to a NULL pointer dereference during parsing.
Affected version: 1.3.0
Impact: DoS
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-02 02:18:13 UTC
CVE-2021-44961 (https://hackmd.io/nDT_UKLyRQendxDwil9A4w):

A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A Specially crafAn out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.ted stl files can exhaust available memory.

CVE-2021-44962 (https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw):

An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.