oss-sec mailing list archives

Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 29 Oct 2012 14:58:51 -0600

* [2012-10-29 14:02:58 -0500] Andrés Gómez Ramírez wrote:

Sorry for the previous message, it was not intentional :)

Hi, Could a CVE be assigned to this issue?

Name: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Software: PLIB 1.8.5
Software link: http://plib.sourceforge.net/
Vulnerability Type: Stack Based Buffer overflow
References: http://www.exploit-db.com/exploits/21831/

Vulnerability Details: PLIB is prone to a stack-based buffer overflow in the
error function in ssg/ssgParser.cxx when it loads 3D model files as X
(DirectX), ASC, ASE, ATG, and OFF, if a very long error message is passed
to the function, in line 68:

// Output an error
void _ssgParser::error( const char *format, ... )
{
 char msgbuff[ 255 ];
 va_list argp;

 char* msgptr = msgbuff;
 if (linenum)
   msgptr += sprintf ( msgptr,"%s, line %d: ",
     path, linenum );

 va_start( argp, format );
 vsprintf( msgptr, format, argp );   // line 68: unbounded write into msgbuff
 va_end( argp );

 ulSetError ( UL_WARNING, "%s", msgbuff ) ;
}


Andreas, was this reported to upstream?  I can't see a patch or anything
in their bug tracker regarding this.

Vincent Danen / Red Hat Security Response Team
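
A bounded version of the formatting done in the quoted function, as an added example; it is not part of either message, not PLIB code and not an upstream patch. The helper name `format_error_bounded`, the file name `model.ase` and the over-long token are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSGBUFF_SIZE 255 /* same size as msgbuff in the quoted function */

/* Hypothetical helper, not a PLIB function: formats "<path>, line <n>: <msg>"
 * like the quoted error() does, but bounds every write by the space left.
 * Returns 1 if the message had to be truncated, 0 if it fit. */
int format_error_bounded(char *out, size_t outsz, const char *path,
                         int linenum, const char *format, ...)
{
    size_t used = 0;
    va_list argp;
    int n;

    if (outsz == 0)
        return 1;
    out[0] = '\0';

    if (linenum) {
        /* The quoted code uses sprintf here, so a long path is unbounded too. */
        n = snprintf(out, outsz, "%s, line %d: ", path, linenum);
        if (n < 0 || (size_t)n >= outsz)
            return 1; /* prefix alone failed or filled the buffer */
        used = (size_t)n;
    }

    va_start(argp, format);
    /* vsnprintf writes at most outsz - used bytes, including the NUL. */
    n = vsnprintf(out + used, outsz - used, format, argp);
    va_end(argp);
    if (n < 0) {
        out[used] = '\0';
        return 1;
    }
    return (size_t)n >= outsz - used;
}

int main(void)
{
    char msgbuff[MSGBUFF_SIZE], token[1001]; /* constructed over-long token */
    memset(token, 'A', 1000);
    token[1000] = '\0';
    int cut = format_error_bounded(msgbuff, sizeof msgbuff, "model.ase", 12,
                                   "unexpected token '%s'", token);
    printf("truncated=%d length=%zu\n", cut, strlen(msgbuff));
    return 0;
}
```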
