Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
From: Andrés Gómez Ramírez <andresgomezram7 () gmail com>
Date: Mon, 29 Oct 2012 14:02:58 -0500

Sorry for the previous message, it was not intentional :)

Hi, Could a CVE be assigned to this issue?

Name: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Software: PLIB 1.8.5
Software link: http://plib.sourceforge.net/
Vulnerability Type: Stack Based Buffer overflow
References: http://www.exploit-db.com/exploits/21831/
                   http://www.securityfocus.com/bid/55839

Vulnerability Details: Plib is prone to stack based Buffer overflow in the
error function in ssg/ssgParser.cxx when it loads 3d model files as X
(Direct x), ASC, ASE, ATG, and OFF, if a very long error message is passed
to the function, in line 68:


// Output an error
void _ssgParser::error( const char *format, ... )
{
  char msgbuff[ 255 ];
  va_list argp;

  char* msgptr = msgbuff;
  if (linenum)
  {
    msgptr += sprintf ( msgptr,"%s, line %d: ",
      path, linenum );
  }

  va_start( argp, format );
68        vsprintf( msgptr, format, argp );
  va_end( argp );

  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
}

Thanks,

Andres Gomez.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]