CVE-2021-21772 PoC — Martin Weismann lib3mf Resource Management Error Vulnerability

Source
Associated Vulnerability
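Title: Martin Weismann lib3mf Resource Management Error Vulnerability (CVE-2021-21772)
Description: Martin Weismann lib3mf is an open-source application by Martin Weismann. It provides 3MF reading and writing functionality, as well as conversion and validation tools for input and output data. 3MF Consortium lib3mf 2.0.0 contains a resource management error vulnerability, which an attacker can exploit by submitting a malicious file.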
Description
Precompiled lib3mf.dll for MeshMixer which includes a backported patch for CVE-2021-21772 and zlib 1.3.1
Readme
# New lib3mf.dll for MeshMixer
Precompiled lib3mf.dll for MeshMixer which includes a backported patch for CVE-2021-21772, and an updated zlib 1.3.1

Replace your original one at C:\Program Files\Autodesk\Meshmixer\

---------

CVE-2021-21772: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226

The code came from the following release: https://github.com/3MFConsortium/lib3mf/releases/tag/v1.8.1

Commit to patch the CVE-2021-21772: https://github.com/3MFConsortium/lib3mf/commit/82522923707999f272b9fc94f2c6b2f24f0ef843

Updated zlib from: https://github.com/madler/zlib/

## MeshMixer 3.5 download links

https://web.archive.org/web/20200220222607/http://www.meshmixer.com/download.html
File Snapshot

[4.0K] /data/pocs/994e5dc7466588a0c14873a82f3b9435cd166099
├── [1.3M] lib3MF.dll
└── [ 707] README.md

0 directories, 2 files