56 matches found
PrusaSlicer 2.6.1 - Arbitrary code execution
Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Date: 16/01/2024 Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and...
USN-6216-1: lib3mf vulnerability
It was discovered that lib3mf did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted 3MF file, a local attacker could possibly use this issue to cause applications using lib3mf to crash, resulting in a denial of service, or possibly...
Microsoft Excel 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3MF...
Microsoft Excel 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3MF...
3MF Consortium lib3mf: Remote code execution
Background lib3mf is an implementation of the 3D Manufacturing Format file standard. Description Incorrect memory handling within lib3mf could result in a use-after-free. Impact An attacker that can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code...
GLSA-202208-01 : 3MF Consortium lib3mf: Remote code execution
The remote host is affected by the vulnerability described in GLSA-202208-01 3MF Consortium lib3mf: Remote code execution - A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code...
Slic3r Denial of Service Vulnerability (CNVD-2022-67485)
slic3r is a slic3r open source 3D printing toolkit used to convert various 3-D print model file types into printer-specific machine code. slic3r version 1.3.0 has a denial-of-service vulnerability in the 3MF parser component that stems from not properly handling incoming error messages. An attack...
CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
Input validation
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
CVE-2021-45847
CVE-2021-45847 affects libslic3r’s 3MF parser in Slic3r/libslic3r v1.3.0. The vulnerability arises from missing input validations in the 3MF parser, allowing an attacker to craft a 3MF input file that can cause the application to crash. This description is consistent across multiple connected sou...
CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
CVE-2020-28594
A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-28594
A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-28594
A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Design/Logic Flaw
A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-28594
A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-28594
A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-28594
The CVE-2020-28594 entry details a use-after-free vulnerability in Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A crafted 3MF file triggers _3MF_Importer::_handle_end_model(), allowing potential code execution. Attacker-controlled input is the trigger, with impact described as ...