First published: Wed Feb 10 2021
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Prusa3d Prusaslicer | =2.2.0 | |
CVE-2020-28596 is a stack-based buffer overflow vulnerability in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856).
An attacker can exploit CVE-2020-28596 by providing a specially crafted obj file, which can lead to code execution.
The severity of CVE-2020-28596 is high with a CVSS score of 7.8.
Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856) are affected by CVE-2020-28596.
To mitigate CVE-2020-28596, users should update PrusaSlicer to a patched version or apply the necessary security updates provided by Prusa Research.