3MF Consortium lib3mf: Remote code execution — GLSA 202208-01

A vulnerability in lib3mf could lead to remote code execution.

Affected packages

media-libs/lib3mf on all architectures
Affected versions < 2.1.1
Unaffected versions >= 2.1.1

Background

lib3mf is an implementation of the 3D Manufacturing Format file standard.

Description

Incorrect memory handling within lib3mf could result in a use-after-free.

Impact

An attacker who can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code execution.

Workaround

There is no known workaround at this time.

Resolution

All 3MF Consortium lib3mf users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/lib3mf-2.1.1"
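
To confirm whether a host still carries a version in the affected range before or after the upgrade, the following added example (not part of the advisory or of Portage) scans the installed-package database for media-libs/lib3mf and compares each version against 2.1.1. The function names `is_affected` and `scan_vdb` are hypothetical, and the version ordering is a simplified approximation of Portage's rules that assumes a `sort` supporting `-V`.

```shell
#!/bin/sh
# Added example (not part of the GLSA): flag installed media-libs/lib3mf
# versions that fall in the advisory's affected range (< 2.1.1).
FIXED="2.1.1"   # first unaffected version, taken from the advisory

# is_affected VERSION -> exit status 0 if VERSION < FIXED, 1 otherwise.
# Simplified Portage ordering (an assumption of this example): a -rN
# revision is ignored, and _alpha/_beta/_pre/_rc mark a pre-release
# that sorts before its base version.
is_affected() {
    v=${1%-r[0-9]*}          # drop Gentoo revision suffix, e.g. 2.1.1-r1
    base=${v%%_*}            # drop _rc1, _p2, ... to get the upstream version
    case $v in
        *_alpha*|*_beta*|*_pre*|*_rc*) pre=1 ;;
        *) pre=0 ;;
    esac
    if [ "$base" = "$FIXED" ]; then
        # Same base as the fix: only a pre-release (2.1.1_rc1) is older.
        [ "$pre" -eq 1 ] && return 0
        return 1
    fi
    lowest=$(printf '%s\n%s\n' "$base" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$base" ]
}

# scan_vdb [ROOT] -> prints one line per installed lib3mf found in the
# Portage installed-package database (ROOT defaults to /var/db/pkg).
scan_vdb() {
    root=${1:-/var/db/pkg}
    for d in "$root"/media-libs/lib3mf-[0-9]*; do
        [ -d "$d" ] || continue            # glob matched nothing
        ver=${d##*/lib3mf-}
        if is_affected "$ver"; then
            echo "AFFECTED media-libs/lib3mf-$ver (upgrade to >=$FIXED)"
        else
            echo "ok media-libs/lib3mf-$ver"
        fi
    done
}

scan_vdb "$@"
```

On a live Gentoo system, `glsa-check -t 202208-01` performs the authoritative test using Portage's own version comparison.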
 

References

Release date
August 04, 2022

Latest revision
August 04, 2022: 1

Severity
normal

Exploitable
remote

Bugzilla entries