Executive Summary

CVE-2026-2653 is a heap-based buffer overflow vulnerability found in the ADMesh software up to version 0.98.5. It occurs in the function stl_check_normal_vector within the source file src/normals.c. The vulnerability arises because the function uses an index parameter without proper validation, leading to out-of-bounds access when processing malformed STL files. This causes a heap buffer overflow during normal vector checking and fixing operations.

The overflow happens when the software reads memory beyond the allocated heap buffer, which can corrupt memory and potentially allow an attacker to execute arbitrary code or cause a denial of service. The attack must be initiated locally, and a proof-of-concept exploit has been publicly released.

ADMesh is a command-line tool and C library used for processing STL files, including checking and repairing mesh flaws. This vulnerability affects the normal vector checking functionality, which is critical for ensuring mesh correctness.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to memory corruption through a heap-based buffer overflow, which may allow an attacker with local access to execute arbitrary code or cause a denial of service on the system running ADMesh.

Since the vulnerability is triggered by processing specially crafted malformed STL files, an attacker could exploit this by providing such files to the software, potentially compromising the confidentiality, integrity, and availability of the affected system.

Because ADMesh is not actively maintained and no patches or mitigations are available, users are advised to consider replacing it with alternative software to avoid exposure.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability is a heap-based buffer overflow in the admesh software when processing STL files, specifically triggered by malformed STL files during normal vector checks.

Detection involves identifying attempts to exploit the vulnerability by monitoring the use of admesh version 0.98.5 or earlier when processing STL files, especially those that may be malformed.

Since admesh is a command-line tool for processing STL files, you can detect suspicious activity by checking for crashes or abnormal behavior when running admesh commands on STL files.

Suggested commands to detect potential exploitation or test for the vulnerability include running admesh with STL files and monitoring for crashes or errors:

• admesh --check <file.stl> # Checks STL file for flaws including normal vector issues
• admesh --repair <file.stl> # Attempts to repair STL files, which triggers the vulnerable code path

Additionally, fuzz testing tools like AFL++ and AddressSanitizer (ASan) have been used to discover this vulnerability, so similar fuzzing techniques could be employed to detect attempts to exploit it.

Useful 0 Not Useful 0

Mitigation Strategies

There are no known patches or fixes available for this vulnerability because the admesh software is no longer actively maintained.

Immediate mitigation steps include:

• Avoid processing untrusted or malformed STL files with admesh versions up to 0.98.5.
• Restrict local access to systems running vulnerable versions of admesh to prevent exploitation, as the attack requires local access.
• Consider replacing admesh with alternative software that is actively maintained and does not have this vulnerability.
• Monitor systems for crashes or abnormal behavior related to admesh usage.

Useful 0 Not Useful 0