CVE-2022-38072

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-118
View all →

Vulnerability Description

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Related Vulnerabilities

CVE-2020-3369

HIGH
CVSS:8.6(High)

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected dev...

CWE-1182020

CVE-2014-9411

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

CWE-1182014

CVE-2015-2000

CRITICAL
CVSS:9.8(Critical)

The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to ...

CWE-1182015

CVE-2015-2001

CRITICAL
CVSS:9.8(Critical)

The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer ...

CWE-1182015

CVE-2015-2002

CRITICAL
CVSS:9.8(Critical)

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-contr...

CWE-1182015

CVE-2015-2003

CRITICAL
CVSS:9.8(Critical)

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-c...

CWE-1182015