First published: Thu Jul 08 2021
An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prusa3d Prusaslicer | =2.2.0 | |
CVE-2020-28598 is an out-of-bounds write vulnerability in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer.
CVE-2020-28598 can be exploited by providing a specially crafted AMF file, which can lead to code execution.
PrusaSlicer version 2.2.0 is affected by CVE-2020-28598.
CVE-2020-28598 has a severity rating of 7.8 (high).
To mitigate CVE-2020-28598, users are advised to update to a non-vulnerable version of PrusaSlicer.