First published: Tue Aug 17 2021
A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prusa3d Prusaslicer | =2.2.0 | |
The severity of CVE-2020-28594 is high with a value of 7.8.
The affected software of CVE-2020-28594 is Prusa Research PrusaSlicer version 2.2.0.
CVE-2020-28594 is caused by a use-after-free in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer.
The vulnerability CVE-2020-28594 can lead to code execution when a specially crafted 3MF file is provided.
The vulnerability CVE-2020-28594 can be exploited by providing a malicious 3MF file.