CVE-2023-35953

Name: CVE-2023-35953
Description: Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially crafted .off file can lead to a buffer overflow. An attacker who triggers these vulnerabilities can achieve arbitrary code execution. This vulnerability exists within the code responsible for parsing comments within the geometric vertices section of an OFF file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release   Version          Status
slic3r-prusa (PTS)  buster    1.39.2+dfsg-1    vulnerable
                    bullseye  2.3.0+dfsg-1     vulnerable
                    bookworm  2.5.0+dfsg-4     vulnerable
                    sid       2.7.4+dfsg-1.1   vulnerable

The information below is based on the following data on fixed versions.

Package       Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
slic3r-prusa  source  (unstable)  (unfixed)

Notes

[bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - slic3r-prusa <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - slic3r-prusa <postponed> (Minor issue; can be fixed in next update)
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
https://github.com/libigl/libigl/issues/2387
