High severityNVD Advisory· Published Apr 3, 2023· Updated Feb 11, 2025
CVE-2022-38072
CVE-2022-38072
Description
An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
admeshPyPI | < 0.98.5 | 0.98.5 |
Affected products
1Patches
15fab257268a0Check the neighbor_index in stl_check_normal_vector
1 file changed · +2 −1
src/normals.c+2 −1 modified@@ -142,7 +142,8 @@ stl_fix_normal_directions(stl_file *stl) { } } /* If this edge of the facet is connected: */ - if(stl->neighbors_start[facet_num].neighbor[j] != -1) { + if(stl->neighbors_start[facet_num].neighbor[j] != -1 && + stl->neighbors_start[facet_num].neighbor[j] < stl->stats.number_of_facets*sizeof(char)) { /* If we haven't fixed this facet yet, add it to the list: */ if(norm_sw[stl->neighbors_start[facet_num].neighbor[j]] != 1) { /* Add node to beginning of list. */
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-v5hv-4pw3-q6h9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-38072ghsaADVISORY
- github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5fghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/admesh/PYSEC-2023-263.yamlghsaWEB
- talosintelligence.com/vulnerability_reports/TALOS-2022-1594ghsaWEB
News mentions
0No linked articles in our index yet.