oss-sec mailing list archives

Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 29 Oct 2012 13:41:38 -0600


On 10/29/2012 01:02 PM, Andrés Gómez Ramírez wrote:
Sorry for the previous message, it was not intentional :)

Thanks.

Hi, could a CVE be assigned to this issue?

Name: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Software: PLIB 1.8.5
Software link: http://plib.sourceforge.net/
Vulnerability Type: Stack Based Buffer overflow
References:
http://www.exploit-db.com/exploits/21831/
http://www.securityfocus.com/bid/55839

Vulnerability Details: PLIB is prone to a stack-based buffer overflow
in the error function in ssg/ssgParser.cxx when it loads 3D model
files such as X (DirectX), ASC, ASE, ATG, and OFF, if a very long error
message is passed to the function, in line 68:


// Output an error
void _ssgParser::error( const char *format, ... )
{
  char msgbuff[ 255 ];
  va_list argp;

  char* msgptr = msgbuff;
  if (linenum)
  {
    msgptr += sprintf ( msgptr,"%s, line %d: ", path, linenum );
  }

  va_start( argp, format );
68        vsprintf( msgptr, format, argp );
  va_end( argp );

  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
}

Thanks,

Andres Gomez.


Please use CVE-2012-4552 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

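A bounded form of the error formatter quoted in the report, as an added example that is not part of the original message and is not PLIB's code or its actual fix. The helper name, the Result struct, the guard bytes and the sample path and token are constructed for illustration; the 255-byte buffer size is taken from the quoted function.

```cpp
#include <cstdarg>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical helper, not PLIB code: builds "<path>, line <n>: <message>" in
// out[0..outsz) without ever writing past it. Returns true when truncated.
static bool format_parser_error(char *out, std::size_t outsz, const char *path,
                                int linenum, const char *format, ...)
{
    if (outsz == 0) return true;
    out[0] = '\0';
    std::size_t used = 0;
    if (linenum) {
        int n = std::snprintf(out, outsz, "%s, line %d: ", path, linenum);
        if (n < 0) out[0] = '\0';
        if (n < 0 || static_cast<std::size_t>(n) >= outsz) return true;
        used = static_cast<std::size_t>(n);
    }
    va_list argp;
    va_start(argp, format);
    // Bound the write by the space left after the prefix, not by the full buffer.
    int n = std::vsnprintf(out + used, outsz - used, format, argp);
    va_end(argp);
    if (n < 0) { out[used] = '\0'; return true; }
    return static_cast<std::size_t>(n) >= outsz - used;
}

struct Result { std::size_t len; bool truncated; bool guard_ok; };

// Constructed input: a token of token_len bytes, as a parser might echo back
// from a model file, formatted into a 255-byte buffer followed by guard bytes.
static Result run_case(std::size_t token_len)
{
    struct { char msgbuff[255]; char guard[16]; } frame;
    std::memset(frame.guard, 0x5A, sizeof frame.guard);
    const std::string token(token_len, 'A');
    Result r;
    r.truncated = format_parser_error(frame.msgbuff, sizeof frame.msgbuff, "model.ase",
                                      12, "unexpected token '%s'", token.c_str());
    r.len = std::strlen(frame.msgbuff);
    r.guard_ok = true;
    for (char c : frame.guard) r.guard_ok = r.guard_ok && c == 0x5A;
    return r;
}
int main()
{
    const Result r = run_case(4096);
    std::printf("len=%zu truncated=%d guard_ok=%d\n", r.len, r.truncated, r.guard_ok);
    return r.guard_ok ? 0 : 1;
}
```

The truncation flag lets a caller log that a message was cut short instead of silently losing the tail.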

