NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Vulnerability roundup 111: slic3r-1.3.0: 2 advisories [5.5] #160711

Open ckauhaus opened 2 years ago

ckauhaus commented 2 years ago


CVE details

CVE-2021-45846

A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute.

CVE-2021-45847

Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.


Scanned versions: nixos-21.11: 2128d0aa28e; nixos-unstable: 5aaed40d22f.

Cc @bjornfor

FliegendeWurst commented 3 weeks ago

Still unfixed upstream

https://github.com/slic3r/Slic3r/issues/5117
https://github.com/slic3r/Slic3r/issues/5118
https://github.com/slic3r/Slic3r/issues/5119
https://github.com/slic3r/Slic3r/issues/5120

bjornfor commented 3 weeks ago

I think we should remove Slic3r and use PrusaSlicer instead: https://github.com/slic3r/Slic3r/issues/5175