CVE-2021-44962

An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw	Exploit Third Party Advisory
https://slic3r.org	Product Vendor Advisory
https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw	Exploit Third Party Advisory
https://slic3r.org	Product Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:slic3r:libslic3r:1.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type	Values Removed	Values Added
References	~~() https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw - Exploit, Third Party Advisory~~	() https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw - Exploit, Third Party Advisory
References	~~() https://slic3r.org - Product, Vendor Advisory~~	() https://slic3r.org - Product, Vendor Advisory

24 Mar 2022, 15:34

Type	Values Removed	Values Added
References	~~(MISC) https://slic3r.org -~~	(MISC) https://slic3r.org - Product, Vendor Advisory

10 Mar 2022, 17:44

Type	Values Removed	Values Added
References	~~{'url': 'http://slic3r.com', 'name': 'http://slic3r.com', 'tags': ['Not Applicable'], 'refsource': 'MISC'}~~ ~~{'url': 'https://slic3r.org/', 'name': 'https://slic3r.org/', 'tags': ['Product'], 'refsource': 'MISC'}~~ ~~{'url': 'http://libslic3r.com', 'name': 'http://libslic3r.com', 'tags': ['Broken Link'], 'refsource': 'MISC'}~~	(MISC) https://slic3r.org -

08 Mar 2022, 20:07

Type	Values Removed	Values Added
References		(MISC) https://slic3r.org/ - Product
References	~~(MISC) http://slic3r.com -~~	(MISC) http://slic3r.com - Not Applicable
References	~~(MISC) https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw -~~	(MISC) https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw - Exploit, Third Party Advisory
References	~~(MISC) http://libslic3r.com -~~	(MISC) http://libslic3r.com - Broken Link
CWE		CWE-125
CPE		cpe:2.3:a:slic3r:libslic3r:1.3.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 5.5

01 Mar 2022, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-01 02:15

Updated : 2024-11-21 06:31

NVD link : CVE-2021-44962

Mitre link : CVE-2021-44962

CVE.ORG link : CVE-2021-44962

JSON object : View

Products Affected

slic3r

libslic3r

CWE

CWE-125

Out-of-bounds Read

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-44962

5.5^/10

4.3^/10

Attach tags to `CVE-2021-44962`