{"id":"CVE-2022-38072","details":"An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.","aliases":["GHSA-v5hv-4pw3-q6h9"],"modified":"2026-04-12T01:27:53.369590Z","published":"2023-04-03T16:15:07.343Z","references":[{"type":"WEB","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1594"},{"type":"FIX","url":"https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/admesh/admesh","events":[{"introduced":"0"},{"last_affected":"7f22e3fa361db7bb92062d185ecba8e786904f28"},{"fixed":"5fab257268a0ee6f832c18d72af89810a29fbd5f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.98.4"}]}}],"versions":["v0.95","v0.97.3","v0.97.4","v0.97.5","v0.98.0","v0.98.0alpha","v0.98.0beta","v0.98.0rc1","v0.98.1","v0.98.2","v0.98.3","v0.98.4"],"database_specific":{"vanir_signatures":[{"id":"CVE-2022-38072-2fd3b084","source":"https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f","signature_version":"v1","deprecated":false,"target":{"function":"stl_fix_normal_directions","file":"src/normals.c"},"signature_type":"Function","digest":{"length":1969,"function_hash":"128438977467078069005944980978530379015"}},{"id":"CVE-2022-38072-f7640dd7","source":"https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f","signature_version":"v1","deprecated":false,"target":{"file":"src/normals.c"},"signature_type":"Line","digest":{"line_hashes":["29381961251666579836304160910035144137","331296357432087497437842914233706502226","303314701913237536942182058952154523497","149908783363205597030533835287843711044"],"threshold":0.9}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38072.json","vanir_signatures_modified":"2026-04-12T01:27:53Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2022-11-18"}]},{"events":[{"introduced":"0"},{"last_affected":"b1a5500"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}