CVE-2020-28590

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Slic3r libslic3r version 1.3.0 Slic3r libslic3r Master Commit 92abbc42

Description: An out-of-bounds read issue exists in the TriangleMesh::TriangleMesh() functionality when handling obj files. This could lead to information disclosure if a specially crafted obj file is provided by an attacker.

Recommendations: For Slic3r libslic3r version 1.3.0, consider avoiding the use of the TriangleMesh::TriangleMesh() function with untrusted obj files until a fix is available. For Slic3r libslic3r Master Commit 92abbc42, restrict the processing of obj files to trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-20

Related Identifiers

CVE-2020-28590

Affected Products

Debian

Slic3R

Libslic3R

CVE-2020-28590

Weakness Enumeration

Related Identifiers

Affected Products

References · 9