First published: Wed Feb 10 2021
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prusa3d Prusaslicer | =2.2.0 | |
CVE-2020-28595 is an out-of-bounds write vulnerability in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856).
CVE-2020-28595 allows an attacker to execute code by providing a specially crafted obj file to the PrusaSlicer software.
The severity of CVE-2020-28595 is high, with a CVSS score of 7.8.
To fix CVE-2020-28595, users should update to a patched version of PrusaSlicer.
More information about CVE-2020-28595 can be found at the following link: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219