Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4552Improper Restriction of Operations within the Bounds of a Memory Buffer in Plib

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
22.1%
top 4.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Plib Project PlibDebian PlibSteve J Baker Plib
Timeline
PublishedNov 18
Latest updateMay 17

Description

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

debiandebian/plib< plib 1.8.5-6 (bookworm)
Debianplib_project/plib< 1.8.5-6+3

🔴Vulnerability Details

2
GHSA
GHSA-qf24-m9p7-6g9v: Stack-based buffer overflow in the error function in ssg/ssgParser2022-05-17
OSV
CVE-2012-4552: Stack-based buffer overflow in the error function in ssg/ssgParser2012-11-18

💥Exploits & PoCs

1
Exploit-DB
PLIB 1.8.5 - 'ssg/ssgParser.cxx' Local Buffer Overflow2012-10-09

📋Vendor Advisories

1
Debian
CVE-2012-4552: plib - Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1...2012

💬Community

3
Bugzilla
CVE-2012-4552 plib: stack-based buffer overflow in the error function in ssg/ssgParser.cxx2012-10-29
Bugzilla
CVE-2012-4552 plib: stack-based buffer overflow in the error function in ssg/ssgParser.cxx [fedora-all]2012-10-29
Bugzilla
CVE-2012-3417 quota: incorrect use of tcp_wrappers2010-02-19