OpenSCAD is vulnerable to arbitrary code execution. A stack-based buffer overflow in the `import_stl()` function in `import_stl.cc` allows an attacker to execute arbitrary code on the host OS via a malicious STL file.
| CPE Name | Operator | Version |
|---|---|---|
| openscad:sid | eq | 2019.05-3+b1 |
References:

- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFXQZK6BAYARVVWBBXDKPVPN3N77PPDX/
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRHYUWXQ7QQIC6TXDYYLYFFF7B7L3EBD/
- security-tracker.debian.org/tracker/CVE-2020-28599
- security.gentoo.org/glsa/202107-35
- talosintelligence.com/vulnerability_reports/TALOS-2020-1223
- www.talosintelligence.com/vulnerability_reports/TALOS-2020-1224