GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Mar 26, 2018 6:26 pm Post subject: [ glsa 201803-13 ] plib
Gentoo Linux Security Advisory
Title: PLIB: User-assisted execution of arbitrary code (GLSA 201803-13)
Severity: normal
Exploitable: remote
Date: 2018-03-26
Bug(s): #440762
ID: 201803-13
Synopsis
A vulnerability in PLIB may allow remote attackers to execute
arbitrary code.
Background
PLIB includes sound effects, music, a complete 3D engine, font
rendering, a simple Windowing library, a game scripting language, a GUI,
networking, 3D math library and a collection of handy utility functions.
Affected Packages
Package: media-libs/plib
Vulnerable: < 1.8.5-r1
Unaffected: >= 1.8.5-r1
Architectures: All supported architectures
Description
A stack-based buffer overflow within the error function of
ssg/ssgParser.cxx was discovered in PLIB.
Impact
A remote attacker, by enticing a user to open a specially crafted 3D
model file, could possibly execute arbitrary code with the privileges of
the process.
Workaround
There is no known workaround at this time.
Resolution
All PLIB users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/plib-1.8.5-r1"
References
CVE-2012-4552
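The bug class named in the Description, as an added example that is not PLIB's code and not part of the advisory: a parser error reporter that formats file-derived text into a fixed stack buffer, written here with bounded calls that report truncation. The function name, buffer size, file name and token are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_CAP 255 /* constructed size, not taken from PLIB */

/* Hypothetical error reporter for a model-file parser (illustration only).
 * Builds "<path>, line <n>: <detail>" in a fixed stack buffer and copies it
 * to out. Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int parser_error(char *out, size_t out_len, const char *path, int line,
                 const char *fmt, ...)
{
    char msg[MSG_CAP];
    int truncated = 0;
    va_list ap;

    if (out == NULL || out_len == 0)
        return -1;
    /* The unsafe shape is sprintf() for the prefix followed by vsprintf()
     * for the detail: a long file-derived token then writes past msg. */
    int n = snprintf(msg, sizeof msg, "%s, line %d: ", path, line);
    if (n < 0)
        return -1;
    if ((size_t)n >= sizeof msg) {
        truncated = 1; /* prefix alone filled the buffer */
    } else {
        size_t room = sizeof msg - (size_t)n;
        va_start(ap, fmt);
        int m = vsnprintf(msg + n, room, fmt, ap);
        va_end(ap);
        if (m < 0)
            return -1;
        if ((size_t)m >= room)
            truncated = 1;
    }
    if (strlen(msg) >= out_len)
        truncated = 1;
    snprintf(out, out_len, "%s", msg);
    return truncated;
}

int main(void)
{
    char out[512], token[601];
    memset(token, 'A', sizeof token - 1); /* constructed over-long token */
    token[sizeof token - 1] = '\0';
    int t = parser_error(out, sizeof out, "scene.model", 7, "unknown token '%s'", token);
    printf("truncated=%d len=%zu\n", t, strlen(out));
    return 0;
}
```

A caller can treat a return value of 1 as a signal that the input file carried an abnormally long token and log or reject it accordingly.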