oss-sec mailing list archives
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 31 Oct 2012 12:31:29 -0600
* [2012-10-29 18:22:29 -0500] Andrés Gómez Ramírez wrote:
PLIB is no longer being maintained: http://sourceforge.net/mailarchive/message.php?msg_id=28580157 I sent a couple of bugs several months ago, but there wasn't any response from plib developers, so I decided to make them public.
Fair enough. Thank you so much for this explanation. I didn't realize it was unmaintained software.
On Mon, Oct 29, 2012 at 3:58 PM, Vincent Danen <vdanen () redhat com> wrote:

* [2012-10-29 14:02:58 -0500] Andrés Gómez Ramírez wrote:

Sorry for the previous message, it was not intentional :)

Hi,

Could a CVE be assigned to this issue?

Name: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Software: PLIB 1.8.5
Software link: http://plib.sourceforge.net/
Vulnerability Type: Stack Based Buffer overflow

References:
http://www.exploit-db.com/exploits/21831/
http://www.securityfocus.com/bid/55839

Vulnerability Details:

Plib is prone to stack based Buffer overflow in the error function in ssg/ssgParser.cxx when it loads 3d model files as X (Direct x), ASC, ASE, ATG, and OFF, if a very long error message is passed to the function, in line 68:

    // Output an error
    void _ssgParser::error( const char *format, ... )
    {
      char msgbuff[ 255 ];
      va_list argp;

      char* msgptr = msgbuff;
      if (linenum)
      {
        msgptr += sprintf ( msgptr,"%s, line %d: ",
          path, linenum );
      }

      va_start( argp, format );
    68  vsprintf( msgptr, format, argp );
      va_end( argp );

      ulSetError ( UL_WARNING, "%s", msgbuff ) ;
    }

Thanks,

Andreas, was this reported to upstream? I can't see a patch or anything in their bug tracker regarding this.

--
Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andres Gomez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
- <Possible follow-ups>
- CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 31)