Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-21772 PoC — Martin Weismann lib3mf 资源管理错误漏洞

Source
https://github.com/3dluvr/New-lib3mf.dll-for-MeshMixer
Associated Vulnerability
Title:Martin Weismann lib3mf 资源管理错误漏洞 (CVE-2021-21772)
Description:A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Description
Precompiled lib3mf.dll for MeshMixer which includes a backported patch for CVE-2021-21772 and zlib 1.3.1
Readme
# New lib3mf.dll for MeshMixer
Precompiled lib3mf.dll for MeshMixer which includes a backported patch for CVE-2021-21772, and an updated zlib 1.3.1

Replace your original one at C:\Program Files\Autodesk\Meshmixer\

---------

CVE-2021-21772: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226

The code came from the following release: https://github.com/3MFConsortium/lib3mf/releases/tag/v1.8.1

Commit to patch the CVE-2021-21772: https://github.com/3MFConsortium/lib3mf/commit/82522923707999f272b9fc94f2c6b2f24f0ef843

Updated zlib from: https://github.com/madler/zlib/

## MeshMixer 3.5 download links

https://web.archive.org/web/20200220222607/http://www.meshmixer.com/download.html
File Snapshot

 [4.0K]  /data/pocs/994e5dc7466588a0c14873a82f3b9435cd166099
├── [1.3M]  lib3MF.dll
└── [ 707]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →