Source: slic3r-prusa X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerabilities were published for slic3r-prusa. Although these are quite old, I believe they have never been properly reported upstream and are unfixed to this day? CVE-2020-28594[0]: | A use-after-free vulnerability exists in the | _3MF_Importer::_handle_end_model() functionality of Prusa Research | PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted | 3MF file can lead to code execution. An attacker can provide a | malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218 CVE-2020-28595[1]: | An out-of-bounds write vulnerability exists in the Obj.cpp | load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and | Master (commit 4b040b856). A specially crafted obj file can lead to | code execution. An attacker can provide a malicious file to trigger | this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219 CVE-2020-28596[2]: | A stack-based buffer overflow vulnerability exists in the | Objparser::objparse() functionality of Prusa Research PrusaSlicer | 2.2.0 and Master (commit 4b040b856). A specially crafted obj file | can lead to code execution. An attacker can provide a malicious file | to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220 CVE-2020-28598[3]: | An out-of-bounds write vulnerability exists in the Admesh | stl_fix_normal_directions() functionality of Prusa Research | PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted | AMF file can lead to code execution. An attacker can provide a | malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-28594 https://www.cve.org/CVERecord?id=CVE-2020-28594 [1] https://security-tracker.debian.org/tracker/CVE-2020-28595 https://www.cve.org/CVERecord?id=CVE-2020-28595 [2] https://security-tracker.debian.org/tracker/CVE-2020-28596 https://www.cve.org/CVERecord?id=CVE-2020-28596 [3] https://security-tracker.debian.org/tracker/CVE-2020-28598 https://www.cve.org/CVERecord?id=CVE-2020-28598 Please adjust the affected versions in the BTS as needed.

