MidnightBSD

Advisories for 3mf

CVE-2021-21772 MEDIUM

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 32
3mf lib3mf 2.0.0
debian debian_linux 10.0
fedoraproject fedora 33
fedoraproject fedora 34