Vulnerabilities > CVE-2023-27754 - Out-of-bounds Write vulnerability in Vox2Mesh Project Vox2Mesh 1.0

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

vox2mesh-project

CWE-787

NVD

Published: 2023-03-22

Updated: 2024-11-21

Summary

vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow caused by incorrect use of memcpy() funciton. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Vox2Mesh_Project Vox2Mesh Project Vox2Mesh 1.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/10cksYiqiyinHangzhouTechnology/vox2mesh_poc
https://github.com/10cksYiqiyinHangzhouTechnology/vox2mesh_poc