801367 – (CVE-2020-28598) <media-gfx/prusaslicer-2.3.1: remote code execution via malicious input (CVE-2020-{28594,28598})

Bug 801367 (CVE-2020-28598) - <media-gfx/prusaslicer-2.3.1: remote code execution via malicious input (CVE-2020-{28594,28598})

Summary: <media-gfx/prusaslicer-2.3.1: remote code execution via malicious input (CVE-...

Status:	RESOLVED FIXED

Alias:	CVE-2020-28598

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://talosintelligence.com/vulnera...
Whiteboard:	~2 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2021-07-09 18:34 UTC by John Helmert III
Modified:	2022-03-19 18:21 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-07-09 18:34:38 UTC

CVE-2020-28598:

An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.


This was evidently not publicly reported (not referenced by CVE or blogpost
and no issues upstream with a few relevant keywords).

Comment 1 NATTkA bot gentoo-dev

2021-07-29 17:21:09 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:29:17 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:37:14 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:45:17 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:53:20 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 18:01:15 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 18:09:36 UTC

Package list is empty or all packages have requested keywords.

Comment 8 John Helmert III archtester

2021-08-21 02:23:38 UTC

CVE-2020-28594:

A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Comment 9 Matthew Smith gentoo-dev

2022-03-19 16:40:48 UTC

These two vulnerabilities were fixed in PrusaSlicer 2.3.1-rc, the oldest version we still have in tree is 2.4.0.

https://github.com/prusa3d/PrusaSlicer/releases/tag/version_2.3.1-rc

Comment 10 John Helmert III archtester

2022-03-19 18:21:06 UTC

Thanks! All done.