Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer

Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D... This i...

Prusa Research PrusaSlicer Admesh stl_fix_normal_directions() out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the Admesh stlfixnormaldirections functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the Obj.cpp loadobj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...

Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer

Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model fil...

Threat Source newsletter for April 9, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Nearly all devices have some sort of fingerprint scanner now, used to log users in. But these scanners prevent their own unique attack...