CVE-2023-0973 LOW

CVE-2023-0973: Step Tools Third-Party

Vendor Step Tools
Product v18SP1 ifcmesh library
Weakness CWE-476
Published March 13, 2023
Last update January 16, 2025

CVSS base score

2.2/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in an application crash.

Key dates

02Disclosure timeline

March 13, 2023 CVE published
January 16, 2025 Record updated