[3dprinter-general] Bug#1074415: slic3r-prusa: CVE-2020-28594 CVE-2020-28595 CVE-2020-28596 CVE-2020-28598

Moritz Mühlenhoff jmm at inutil.org
Fri Jun 28 12:39:37 BST 2024 

Source: slic3r-prusa
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for slic3r-prusa.

Although these are quite old, I believe they have never been properly
reported upstream and are unfixed to this day?

CVE-2020-28594[0]:
| A use-after-free vulnerability exists in the
| _3MF_Importer::_handle_end_model() functionality of Prusa Research
| PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted
| 3MF file can lead to code execution. An attacker can provide a
| malicious file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218

CVE-2020-28595[1]:
| An out-of-bounds write vulnerability exists in the Obj.cpp
| load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and
| Master (commit 4b040b856). A specially crafted obj file can lead to
| code execution. An attacker can provide a malicious file to trigger
| this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219

CVE-2020-28596[2]:
| A stack-based buffer overflow vulnerability exists in the
| Objparser::objparse() functionality of Prusa Research PrusaSlicer
| 2.2.0 and Master (commit 4b040b856). A specially crafted obj file
| can lead to code execution. An attacker can provide a malicious file
| to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220

CVE-2020-28598[3]:
| An out-of-bounds write vulnerability exists in the Admesh
| stl_fix_normal_directions() functionality of Prusa Research
| PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted
| AMF file can lead to code execution. An attacker can provide a
| malicious file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-28594
    https://www.cve.org/CVERecord?id=CVE-2020-28594
[1] https://security-tracker.debian.org/tracker/CVE-2020-28595
    https://www.cve.org/CVERecord?id=CVE-2020-28595
[2] https://security-tracker.debian.org/tracker/CVE-2020-28596
    https://www.cve.org/CVERecord?id=CVE-2020-28596
[3] https://security-tracker.debian.org/tracker/CVE-2020-28598
    https://www.cve.org/CVERecord?id=CVE-2020-28598

Please adjust the affected versions in the BTS as needed.

More information about the 3dprinter-general mailing list