Francesco Benvenuto of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an improper array index validation vulnerability in a functionality of the ADMesh library.
ADMesh is a C library used to process 3-D triangular meshes.
Talos found an improper array index validation vulnerability in TALOS-2022-1594 (CVE-2022-38072). A specially crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Cisco Talos worked with ADMesh to ensure that this issue was resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: ADMesh Master Commit 767a105, Slic3r libslic3r Master Commit b1a5500 and ADMesh v0.98.4. Talos tested and confirmed these versions could be exploited by these vulnerabilities.
The following Snort rules will detect exploitation attempts against these vulnerabilities: 60544 and 60545. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Article Link: Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library