Joined: 12 May 2004
|Posted: Sun May 18, 2014 9:26 pm Post subject: [ GLSA 201405-23 ] lib3ds: User-assisted execution of arbitr
|Gentoo Linux Security Advisory
Title: lib3ds: User-assisted execution of arbitrary code (GLSA 201405-23)
Date: May 18, 2014
A vulnerability in lib3ds might allow a remote attacker to execute
lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files.
Vulnerable: < 2.0.0_rc1
Unaffected: >= 2.0.0_rc1
Architectures: All supported architectures
An array index error has been discovered in lib3ds.
A remote attacker could entice a user to open a specially crafted 3DS
file using an application linked against lib3ds, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.
There is no known workaround at this time.
All lib3ds users should upgrade to the latest version:
Packages which depend on this library may need to be recompiled. Tools
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/lib3ds-2.0.0_rc1"
such as revdep-rebuild may assist in identifying some of these packages.