oss-sec mailing list archives
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 29 Oct 2012 12:12:31 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/29/2012 09:12 AM, Andres Gomez wrote:
Hi, Could a CVE be assigned to this issue? Name: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Software: PLIB 1.8.5 Software link: http://plib.sourceforge.net/ Vulnerability Type: Stack Based Buffer overflow References: http://www.exploit-db.com/exploits/21831/ http://www.securityfocus.com/bid/55839 Vulnerability Details: Plib is prone to stack based Buffer overflow in the error function in ssg/ssgParser.cxx when it loads 3d model files as X (Direct x), ASC, ASE, ATG, and OFF, if a very long error message is passed to the function, in line 68: // Output an error void _ssgParser::error( const char *format, ... ) { char msgbuff[ 255 ]; va_list argp; char* msgptr = msgbuff; if (linenum) { msgptr += sprintf ( msgptr,"%s, line %d: ", path, linenum ); } va_start( argp, format ); 68 vsprintf( msgptr, format, argp ); va_end( argp ); ulSetError ( UL_WARNING, "%s", msgbuff ) ; } Thanks, Andres Gomez. -- CONFIDENTIALITY NOTICE: This transmission is intended for the use of the individual or
entity > to which it is addressed, and it may contain information that is
confidential or privileged under law. If the reader of this message is not the intended recipient, you are hereby notified that retention, dissemination, distribution or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please notify the sender immediately and destroy the original. Thank you.
Please send an email without an attempt at creating an obligation for the receiver and I'll assign a CVE. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQjscPAAoJEBYNRVNeJnmT0OMQAMRQJvQXblxI5w27Vu3GjAoI h06k2wyvHvziIYxKpxnegrLugtEAE8mgEiRVi5wGUCLcZ+7MyMtAuPUddbWARwA/ j/z2uxRCKIAArNIZMvsYZh3HMyHCQYvxCK/fFwwB+7UsMZ/YOQbB8zBcKPgMwLcO bUGvAcXmBXoRpQLJ8MFOGR56Khn2xrSL+c+xSBxPcG01MwUIIlaKsx0k8+UOGKsd 1dIgjolu6JS7o06L9xukkl7XYif/rbFwbGrWNSz6RG1Pbe+Dyg3mqcsE0yZnm6Sq T6UkcKbuJxP/81FtscohwutRIi6mvc1z6JEVbwDYuStCJBYhu0gcPDhRetA8KaTS gUxnse1wkCEMt6yfzLVNCGhxJ9t+fF2U8PSSCcDgvSv3GiQVgl60rSArcsG6xd1J sQBZRaWxZWnBq8Q6SdT0XJAskXsHSoWBm459TrOqnUtGTGO6DzfjgpE2mzTyUwUB ItPIDvEW4hDn9zHJ3TM/JyC/R2FV7EeGfShTl+On/oPOslH0X9Ag9k9jxc42c1fS sWgQYm9uutiI5KxMyVaHbREm3SBeIj5iEmaGXH8+mrtcY/IeiThS4bVaAlXgErOz HLlgqGBttFE1Tv7wUEPUVQJ3fW0K7itph6O99zagVGDIiI3mN4cak1hfSsMemsOO ZB+s7FiFl3U/YGIn5X6k =YIfs -----END PGP SIGNATURE-----
Current thread:
- CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andres Gomez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
- <Possible follow-ups>
- CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 31)