Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. PrusaSlicer is an open-source 3-D printer slicing program, forked from Slic3r, that converts various 3-D model file formats and outputs corresponding 3-D printer-readable G-code. Two functions in the software could be exploited with specially crafted OBJ files to cause out-of-bounds write and buffer overflow conditions, which an attacker could then use to execute code on the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Prusa Research to disclose these vulnerabilities and ensure that an update is available.

Vulnerability details

Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability (TALOS-2020-1219/CVE-2020-28595)

An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted OBJ file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability (TALOS-2020-1220/CVE-2020-28596)

A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted OBJ file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect Prusa Research PrusaSlicer, version 2.2.0 and PrusaSlicer Master, commit 4b040b856.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 56727, 56728