{"id":"PYSEC-2023-263","details":"An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.","aliases":["CVE-2022-38072","GHSA-v5hv-4pw3-q6h9"],"modified":"2026-06-10T17:00:07.507494768Z","published":"2023-04-03T16:15:00Z","withdrawn":"2024-11-22T04:37:03Z","references":[{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594"},{"type":"WEB","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594"},{"type":"FIX","url":"https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-v5hv-4pw3-q6h9"}],"affected":[{"package":{"name":"admesh","ecosystem":"PyPI","purl":"pkg:pypi/admesh"},"ranges":[{"type":"GIT","repo":"https://github.com/admesh/admesh","events":[{"introduced":"0"},{"fixed":"5fab257268a0ee6f832c18d72af89810a29fbd5f"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.96","0.98","0.98.1","0.98.2","0.98.3","0.98.4","0.98.5","0.98.6","0.98.7","0.98.8","0.98.9","0.98a1","v0.98.2","v0.98.1","v0.98.0","v0.98.0rc1","v0.98.0beta","v0.98.0alpha","v0.97.5","v0.97.4","v0.97.3","v0.95"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/admesh/PYSEC-2023-263.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}