CVE-2021-45846: NULL pointer dereference in AMF XML parser (metadata tag without type attribute) · Issue #5117 · slic3r/Slic3r
A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a “type” attribute.
A crafted AMF XML document can cause a crash due to a NULL pointer dereference during parsing.
<amf unit="millimeter">
<object id="0">
<metadata>dummy</metadata>
</object>
</amf>
An attempt is made to read the type attribute of the <metadata> tag, at AMF.cpp:189. The PoC contains a metadata tag without a type attribute. get_attribute() returns NULL, and thus the creation of the std::string m_value[0] crashes.
Denial of Service.
Check for NULL before trying to construct the std::string, set a default value or reject the tag. Similar checks are already in place at line 163 and others.
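The NULL check suggested above, as an added example that is not Slic3r's code and not part of the original issue. The names find_attribute, metadata_type and metadata_type_or_default are hypothetical, and the attribute list is assumed to be a NULL-terminated array of name/value pairs as handed over by a SAX-style XML parser.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical stand-in for the parser's attribute lookup (assumption:
// atts is a NULL-terminated array of name/value pairs).
// Returns nullptr when the attribute is absent.
static const char* find_attribute(const char** atts, const char* name) {
    if (atts == nullptr) return nullptr;
    for (; atts[0] != nullptr && atts[1] != nullptr; atts += 2)
        if (std::strcmp(atts[0], name) == 0) return atts[1];
    return nullptr;
}

// "Reject the tag": report failure instead of building a std::string
// from a NULL pointer, which is undefined behaviour and crashes in practice.
static bool metadata_type(const char** atts, std::string& out) {
    const char* type = find_attribute(atts, "type");
    if (type == nullptr) return false;
    out.assign(type);
    return true;
}

// "Set a default value": substitute a fallback when "type" is missing.
static std::string metadata_type_or_default(const char** atts,
                                            const std::string& fallback) {
    const char* type = find_attribute(atts, "type");
    return type != nullptr ? std::string(type) : fallback;
}

int main() {
    // Constructed inputs: <metadata type="name"> and the PoC's bare <metadata>.
    const char* with_type[] = { "type", "name", nullptr };
    const char* bare[]      = { nullptr };

    std::string value;
    std::printf("with type: %s\n",
                metadata_type(with_type, value) ? value.c_str() : "(rejected)");
    std::printf("bare tag:  %s\n",
                metadata_type(bare, value) ? value.c_str() : "(rejected)");
    std::printf("default:   '%s'\n",
                metadata_type_or_default(bare, "unknown").c_str());
    return 0;
}
```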