OpenSCAD is vulnerable to arbitrary code execution (CVE-2020-28599). A stack-based buffer overflow in the STL importer, import_stl.cc:import_stl(), allows an attacker to execute arbitrary code on the host OS with the privileges of the OpenSCAD user. The attacker supplies a specially crafted STL file; the overflow is triggered when the victim imports that file (for example through an import() statement in a .scad script), so the attack requires the user to open attacker-controlled model data.
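The bug class the advisory describes, shown as an added example that is not OpenSCAD's code and does not reproduce the exact code path in the Talos reports: a constructed ASCII STL "vertex x y z" line reader that copies whitespace-delimited tokens into fixed-size stack buffers with an unbounded sscanf "%s" (the overflow pattern), beside a hardened reader that converts the numbers in place with strtod and rejects anything malformed. TOK_LEN, the function names and the sample lines are assumptions made for this demo.

```c
#include <errno.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (not OpenSCAD's code): two ways to read an ASCII STL
 * "vertex x y z" line. TOK_LEN is an assumed buffer size chosen for the demo. */
#define TOK_LEN 32

/* Vulnerable pattern: "%s" has no width limit, so a token longer than
 * TOK_LEN-1 bytes in the file is written past the end of a stack buffer.
 * Never call this on untrusted input; it is here only to show the bug shape. */
int parse_vertex_unsafe(const char *line, double out[3])
{
    char x[TOK_LEN], y[TOK_LEN], z[TOK_LEN];
    if (sscanf(line, " vertex %s %s %s", x, y, z) != 3)
        return -1;
    out[0] = atof(x);
    out[1] = atof(y);
    out[2] = atof(z);
    return 0;
}

/* Hardened version: no intermediate copy at all. strtod reads straight from
 * the line, every conversion is checked, and trailing junk is rejected. */
int parse_vertex_safe(const char *line, double out[3])
{
    const char *p = line;
    char *end;

    while (*p == ' ' || *p == '\t')
        p++;
    if (strncmp(p, "vertex", 6) != 0)
        return -1;
    p += 6;
    if (*p != ' ' && *p != '\t')          /* require a separator after the keyword */
        return -1;

    for (int i = 0; i < 3; i++) {
        errno = 0;
        double v = strtod(p, &end);
        if (end == p || errno == ERANGE || !isfinite(v))
            return -1;                    /* missing, out-of-range, inf or nan */
        out[i] = v;
        p = end;
    }
    while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')
        p++;
    return *p == '\0' ? 0 : -1;           /* anything left over is an error */
}

/* Small wrappers so results can be checked without passing arrays around. */
int vertex_ok(const char *line)
{
    double v[3];
    return parse_vertex_safe(line, v) == 0;
}

double vertex_coord(const char *line, int i)
{
    double v[3];
    if (i < 0 || i > 2 || parse_vertex_safe(line, v) != 0)
        return NAN;
    return v[i];
}

/* Build a line whose first token is far longer than TOK_LEN, the kind of
 * input that would overrun x[] in parse_vertex_unsafe, and confirm the safe
 * parser simply rejects it. Returns 1 on the expected rejection. */
int long_token_rejected(void)
{
    size_t n = 4096;
    char *line = malloc(n + 32);
    if (!line)
        return 0;
    memcpy(line, "vertex ", 7);
    memset(line + 7, 'A', n);
    memcpy(line + 7 + n, " 1 2", 5);     /* copies the terminating NUL too */
    int rc = parse_vertex_safe(line, (double[3]){0});
    free(line);
    return rc == -1;
}

int main(void)
{
    const char *lines[] = {               /* constructed sample lines */
        "  vertex 1.5 -2 3e2",
        "vertex 1 2",
        "vertex 1 2 3 4",
        "vertex inf 0 0",
    };
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++)
        printf("%-24s -> %s\n", lines[i], vertex_ok(lines[i]) ? "ok" : "rejected");
    printf("oversized token rejected: %d\n", long_token_rejected());
    return 0;
}
```

The point of the hardened reader is that a file-supplied token never determines how many bytes are written to the stack: strtod consumes only what forms a number and leaves a pointer to the rest, so an over-long or non-numeric token is a parse error rather than a memory write. Adding a width to the format ("%31s") would stop the overflow as well, but it silently truncates tokens, so the check for leftover input is still needed.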

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFXQZK6BAYARVVWBBXDKPVPN3N77PPDX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRHYUWXQ7QQIC6TXDYYLYFFF7B7L3EBD/
https://security-tracker.debian.org/tracker/CVE-2020-28599
https://security.gentoo.org/glsa/202107-35
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224