Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode. Two functions in the software could be exploited with specially crafted OBJ and AMF files to cause an out-of-bounds write condition or a buffer overflow, and then execute code on the victim machine.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Prusa Research to disclose these vulnerabilities and ensure that an update is available.
Vulnerability details
Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability (TALOS-2020-1219/CVE-2020-28595)
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability (TALOS-2020-1220/CVE-2020-28598)
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can prov ..
Support the originator by clicking the read the rest link below.
