VYPR
High severity · NVD Advisory · Published May 8, 2022 · Updated Aug 5, 2024

CVE-2018-25033

Description

ADMesh through 0.98.4 contains a heap buffer over-read in stl_update_connects_remove_1 during STL file processing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

ADMesh through version 0.98.4 has a heap-based buffer over-read in the function stl_update_connects_remove_1 located in connect.c of the static library libadmesh.a. The bug is triggered when processing a crafted STL file via the stl_remove_degenerate code path during mesh repair operations [1][2][3].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted STL file to the admesh command-line tool or library. No authentication or special privileges are required; the attacker only needs to convince a user or automated system to process the malicious file using ADMesh. The over-read occurs within stl_update_connects_remove_1, which is called from stl_remove_degenerate during the removal of degenerate facets [3].

Impact

Successful exploitation causes a heap buffer over-read, which may crash the application (denial of service). The reported access is a read of size 4 at a memory offset 16 bytes to the left of an allocated region, so the primary impact is denial of service, although depending on the memory layout an attacker could potentially read sensitive heap data [3].
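A small model of this bug class, added here as an illustration and not taken from ADMesh's source: a heap table of 16-byte per-facet records indexed by a neighbor number, where -1 marks a missing neighbor. The record layout, the -1 sentinel, and every function name are assumptions chosen to match the reported 4-byte read 16 bytes before the allocation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 16-byte per-facet record; -1 means "no neighbor". */
typedef struct { int neighbor[3]; int flags; } facet_rec;
_Static_assert(sizeof(facet_rec) == 16, "model assumes 16-byte records");

/* Unchecked: idx == -1 makes tbl[idx] the record 16 bytes before the
   heap block, so tbl[idx].neighbor[0] is a 4-byte out-of-bounds read. */
int open_edges_unchecked(const facet_rec *tbl, int idx) {
    return (tbl[idx].neighbor[0] == -1) + (tbl[idx].neighbor[1] == -1) +
           (tbl[idx].neighbor[2] == -1);
}

/* Hardened: reject the sentinel and any index outside the table. */
int open_edges_checked(const facet_rec *tbl, int n, int idx) {
    if (idx < 0 || idx >= n) return -1;
    return open_edges_unchecked(tbl, idx);
}

/* Removal-pass model: update each neighbor of a facet being removed.
   Returns how many neighbors were valid and therefore touched. */
int touch_neighbors(const facet_rec *tbl, int n, int facet) {
    int touched = 0;
    if (facet < 0 || facet >= n) return 0;
    for (int i = 0; i < 3; i++)
        if (open_edges_checked(tbl, n, tbl[facet].neighbor[i]) >= 0)
            touched++;
    return touched;
}

/* Constructed sample: 3 facets; facet 2 carries an out-of-range index. */
facet_rec *make_sample(void) {
    static const facet_rec init[3] = {
        {{1, 2, -1}, 0}, {{0, -1, -1}, 0}, {{0, -1, 7}, 0}};
    facet_rec *tbl = malloc(sizeof init);
    if (tbl) for (int i = 0; i < 3; i++) tbl[i] = init[i];
    return tbl;
}

int main(void) {
    facet_rec *tbl = make_sample();
    if (!tbl) return 1;
    for (int f = 0; f < 3; f++)
        printf("facet %d: %d valid neighbors\n", f, touch_neighbors(tbl, 3, f));
    free(tbl);
    return 0;
}
```

Building a model like this with AddressSanitizer and calling the unchecked function with -1 produces the same class of report the advisory describes.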

Mitigation

The vulnerability is fixed in version 0.98.5, released on the project's GitHub releases page [1]. Users should upgrade to ADMesh 0.98.5 or later. No workarounds are documented; processing untrusted STL files without upgrading is not recommended. The project is in maintenance mode, but security fixes are still provided [1].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
admesh (PyPI) | < 0.98.5 | 0.98.5
