{"id":"CVE-2020-28596","details":"A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.","modified":"2026-04-10T04:32:31.029999Z","published":"2021-02-10T22:15:13.530Z","references":[{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/prusa3d/prusaslicer","events":[{"introduced":"0"},{"last_affected":"d5bcddeed333e6be567de517bc22c69fc5559b7e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.0-NA"}]}}],"versions":["0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.5a","0.5.5b","0.5.6","0.5.7","0.6.0","0.7.0","0.7.1","0.7.2b","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.7","0.9.9","1.0.0RC1","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","delete","for_change_log_1.40.0-alpha1","version_1.30.0","version_1.31.0","version_1.31.1","version_1.31.2","version_1.31.3","version_1.31.4","version_1.31.5","version_1.31.6","version_1.33.0","version_1.33.1","version_1.33.2","version_1.33.3","version_1.33.4","version_1.33.5","version_1.33.6","version_1.33.7","version_1.33.8","version_1.34.0","version_1.34.1","version_1.34.1.24","version_1.35.0","version_1.35.1","version_1.35.2","version_1.35.3","version_1.35.4","version_1.35.5","version_1.36.0","version_1.36.1","version_1.37.0","version_1.37.1","version_1.38.0","version_1.38.1","version_1.38.2","version_1.38.3","version_1.38.4","version_1.38.5","version_1.38.6","version_1.39.0","version_1.39.1-alpha","version_1.39.1-beta","version_1.40.0-alpha","version_1.40.0-alpha1","version_1.40.0-alpha2","version_1.40.0-beta","version_1.41.0","version_1.41.0-alpha1","version_1.41.0-alpha2","version_1.41.0-alpha3","version_1.41.0-beta","version_1.41.0-beta2","version_1.41.0-rc","version_1.41.1","version_1.41.1-beta","version_1.41.1-rc","version_1.41.2-beta","version_1.41.2-rc","version_1.42.0-alpha1","version_1.42.0-alpha2","version_1.42.0-alpha4","version_1.42.0-alpha5","version_1.42.0-alpha6","version_1.42.0-alpha7","version_1.42.0-beta1","version_1.42.0-beta2","version_1.44.0-alpha4","version_2.0.0","version_2.0.0-rc","version_2.0.0-rc2","version_2.1.0-alpha0","version_2.1.0-alpha1","version_2.1.0-beta","version_2.1.0-beta2","version_2.1.0-beta3","version_2.2.0","version_2.2.0-alpha0","version_2.2.0-alpha1","version_2.2.0-alpha2","version_2.2.0-alpha3","version_2.2.0-alpha4","version_2.2.0-beta","version_2.2.0-rc","version_2.2.0-rc2","version_2.2.0-rc3","version_2.2.0-rc4","version_2.2.0-rc5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28596.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}