CVE-2020-28595
Published 2021-02-10
Priority P337 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.47% (70.4th percentile)
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | slic3r-prusa | — | — |
| prusa3d | prusaslicer | — | — |
CVSS provenance
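| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |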
Debian
CVE-2020-28595: slic3r-prusa - An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functional...
vendor_debian·2020·CVSS 7.8
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
GHSA
GHSA-m2f3-4gc2-3wcw: An out-of-bounds write vulnerability exists in the Obj
ghsa_unreviewed·2022-05-24
CVE-2020-28595 [HIGH] CWE-787 GHSA-m2f3-4gc2-3wcw: An out-of-bounds write vulnerability exists in the Obj
OSV
CVE-2020-28595: An out-of-bounds write vulnerability exists in the Obj
osv·2021-02-10·CVSS 7.8
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
blogs_talos·2021-04-21·CVSS 7.8
[HIGH] Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode. Two functions in the software could be exploited with specially crafted OBJ files to cause out-of-bounds and buffer overflow conditions, to then gain the ability to execute code on the victim machine.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Prusa Research to disclose these vulnerabilities and ensure that an update is available.
## Vulnerability details
Prusa Research PrusaSlicer Obj.cpp
Talos
Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer
blogs_talos·2021-01-19·CVSS 7.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode. Two functions in the software could be exploited with specially crafted OBJ and AMF files to cause an out-of-bounds write condition or a buffer overflow, and then execute code on the victim machine.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Prusa Research to disclose these vulnerabilities and ensure that an update is available.
## Vulnerability details
Prusa Research PrusaSlicer Obj.cpp lo