Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects .
The vulnerabilities include out-of-bounds write (Out-of-bounds Write, CWE-787), out-of-bounds read (Out-of-bounds Read, CWE-125), NULL pointer dereference (NULL Pointer Dereference, CWE-476), division by zero (Divide By Zero, CWE-369), use of uninitialized resource (Use of Uninitialized Resource, CWE-908), and reachable assertions (Reachable Assertion, CWE-617). These errors can be triggered by maliciously crafted input data processed by the library. A remote, unauthenticated attacker can deliver a malicious payload without any interaction from the victim.
An attacker can achieve arbitrary code execution (RCE), destabilization or complete shutdown of an application using the library, as well as leakage or corruption of data in the process memory.
Patches available from the vendor should be applied according to the references — the fix is being processed as pull request #11 in the repository https://github.com/cadaver/turso3d/pull/11.
The turso3d library of the cadaver project — versions indicated in the vendor references (pull request #11 on GitHub).
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X