Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGVYHsWfzO=1Xs3bQ9iOum82-Dm1t-e7-Lc+5LKc6+hCQ8xMHQ@mail.gmail.com>
Date: Mon, 29 Oct 2012 14:02:58 -0500
From: Andrés Gómez Ramírez <andresgomezram7@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow

Sorry for the previous message, it was not intentional :)

Hi, Could a CVE be assigned to this issue?

Name: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Software: PLIB 1.8.5
Software link: http://plib.sourceforge.net/
Vulnerability Type: Stack Based Buffer overflow
References: http://www.exploit-db.com/exploits/21831/
                   http://www.securityfocus.com/bid/55839

Vulnerability Details: Plib is prone to stack based Buffer overflow in the
error function in ssg/ssgParser.cxx when it loads 3d model files as X
(Direct x), ASC, ASE, ATG, and OFF, if a very long error message is passed
to the function, in line 68:


// Output an error
void _ssgParser::error( const char *format, ... )
{
  char msgbuff[ 255 ];
  va_list argp;

  char* msgptr = msgbuff;
  if (linenum)
  {
    msgptr += sprintf ( msgptr,"%s, line %d: ",
      path, linenum );
  }

  va_start( argp, format );
68        vsprintf( msgptr, format, argp );
  va_end( argp );

  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
}

Thanks,

Andres Gomez.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.