Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

3MF Consortium’s lib3mf library is vulnerable to a use-after-free vulnerability that could allow an
adversary to execute remote code on the victim machine. The lib3mf library is an open-source implementation of the 3MF file format and standard, mainly used for 3D-printing. An attacker could send a target a specially crafted file to create a use-after-free condition. The 3MF standard has been adopted in a variety of products and lib3mf itself has been confirmed to be used in open-source programs like OpenSCAD and LibCGAL.

In accordance with our coordinated disclosure policy, Cisco Talos worked with 3MF Consortium to ensure that this issue is resolved and that an update is available for affected customers.

Vulnerability details

3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability (TALOS-2021-1226/CVE-2021-21772)

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that this vulnerability affects 3MF Consortium lib3mf, version 2.0.0.


The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or

Snort Rules: 56994, 56995