PT-2021-11565 · Prusa+1 · Prusaslicer+1
Lilith >_>
Published 2021-01-24 · Updated 2022-08-31
CVE-2020-28595
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
PrusaSlicer versions 2.2.0 and Master (commit 4b040b856)
Description:
An out-of-bounds write issue exists in the load_obj() functionality of the Obj.cpp file. This can be triggered by a specially crafted obj file, potentially leading to code execution. An attacker can exploit this by providing a malicious file.
Recommendations:
For version 2.2.0, consider disabling the load_obj() function in the Obj.cpp file until a patch is available.
For Master (commit 4b040b856), restrict the use of the Obj.cpp file to minimize the risk of exploitation.
As a temporary workaround, avoid using the Obj.cpp file with untrusted obj files until the issue is resolved.
Exploit
Fix
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Debian
Prusaslicer