CVE-2026-2653

A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
admesh_projectadmesh
𝑥
≤ 0.98.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
admesh
bookworm
no-dsa
bullseye
postponed
forky
vulnerable
sid
vulnerable
trixie
no-dsa
Common Weakness Enumeration
References
https://github.com/admesh/admesh/
https://github.com/admesh/admesh/issues/65
https://github.com/admesh/admesh/issues/65#issuecomment-3804571402
https://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.time.910126.execs.241742.op.havoc.rep.5.zip
https://vuldb.com/?ctiid.346450
https://vuldb.com/?id.346450
https://vuldb.com/?submit.752596