CVE-2020-28590: Improper Input Validation in Libslic3r

Severity
6.5 MEDIUM (NVD)
EPSS
0.3%
top 48.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 13
Latest update: May 24

Description

An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: slic3r/libslic3r 1.3.0
debian: debian/slic3r

🔴 Vulnerability Details

2
GHSA
GHSA-6275-8j43-765j: An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1 (2022-05-24)
OSV
CVE-2020-28590: An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1 (2021-04-13)

📋 Vendor Advisories

1
Debian
CVE-2020-28590: slic3r - An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::Triangl... (2020)

🕵️ Threat Intelligence

2
Talos
Vulnerability Spotlight: Out-of-bounds read vulnerability in Slic3r could lead to information disclosure (2021-02-24)
Talos
Vulnerability Spotlight: Out-of-bounds read vulnerability in Slic3r could lead to information disclosure (2021-02-24)