InVesalius3 Software Vulnerability Allows Arbitrary File Write
🗂️✨ Directory Traversal Vulnerability Discovered in InVesalius3 Software. A security flaw in the Centro de Tecnologia da Informação Renato Archer’s InVesalius3 v3.1.99995 allows attackers to write arbitrary files to the system through a specially crafted .inv3 file, exploiting a “Zip Slip” vulnerability. This issue arises when applications extract files from archives without validating their paths, potentially leading to overwriting critical files. While the vulnerability poses limited risk on its own, it can be combined with other vulnerabilities for more severe attacks. The issue has been addressed in the latest nightly version of the software, following a collaborative disclosure process with developers. For further details, the exploit can be viewed on GitHub.
