CVE-2020-28596
published 2021-02-10CVE-2020-28596: A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit…
PriorityP337high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
1.44%
69.8th percentile
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | slic3r-prusa | — | — |
| prusa3d | prusaslicer | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v5r5-m654-v47x: A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2
ghsa_unreviewed·2022-05-24
CVE-2020-28596 [HIGH] CWE-787 GHSA-v5r5-m654-v47x: A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
OSV
CVE-2020-28596: A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2
osv·2021-02-10·CVSS 7.8
CVE-2020-28596 [HIGH] CVE-2020-28596: A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Debian
CVE-2020-28596: slic3r-prusa - A stack-based buffer overflow vulnerability exists in the Objparser::objparse() ...
vendor_debian·2020·CVSS 7.8
CVE-2020-28596 [HIGH] CVE-2020-28596: slic3r-prusa - A stack-based buffer overflow vulnerability exists in the Objparser::objparse() ...
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
blogs_talos·2021-04-21·CVSS 7.8
[HIGH] Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
## Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode. Two functions in the software could be exploited with specially crafted OBJ files to cause out-of-bounds and buffer overflow conditions, to then gain the ability to execute code on the victim machine.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Prusa Research to disclose these vulnerabilities and ensure that an update i
Talos
Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
blogs_talos·2021-04-21·CVSS 7.8
[HIGH] Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode. Two functions in the software could be exploited with specially crafted OBJ files to cause out-of-bounds and buffer overflow conditions, to then gain the ability to execute code on the victim machine.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Prusa Research to disclose these vulnerabilities and ensure that an update is available.
## Vulnerability details
Prusa Research PrusaSlicer Obj.cpp
2021-02-10
Published