CVE-2020-28594

Name of the Vulnerable Software and Affected Versions: PrusaSlicer version 2.2.0 PrusaSlicer Master (commit 4b040b856)

Description: A use-after-free issue exists in the 3MF Importer:: handle end model() functionality. This can be triggered by a specially crafted 3MF file, potentially leading to code execution. An attacker can exploit this by providing a malicious file.

Recommendations: For PrusaSlicer version 2.2.0, consider avoiding the use of the 3MF Importer:: handle end model() functionality until a fix is available. For PrusaSlicer Master (commit 4b040b856), restrict the processing of 3MF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.