Vulnerability Spotlight: Buffer overflow vulnerability in AnyCubic Chitubox plugin

Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the Chitubox AnyCubic plugin.

Chitubox is 3-D printing software for users to download and process models and send them to a 3-D printer. The specific AnyCubic plugin allows the software to convert the output of the Chitubox slicer (general format files) into the format expected by AnyCubic’s series of printers. These converted files are then used directly for all functionality provided by the printers.

TALOS-2021-13726 (CVE-2021-21948) is a heap-based buffer overflow vulnerability that triggers if the user opens a specially crafted .gf file.

Read more…
Source: Cisco Talos