CVE-2012-4552
Published 2012-11-18
CVE-2012-4552: Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model…
Priority P3 · 42 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.97% (95.0th percentile)
Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | plib | < plib 1.8.5-6 (bookworm) | plib 1.8.5-6 (bookworm) |
| plib_project | plib | >= 0 < 1.8.5-6 | 1.8.5-6 |
| plib_project | plib | >= 0 < 1.8.5-6 | 1.8.5-6 |
| plib_project | plib | >= 0 < 1.8.5-6 | 1.8.5-6 |
| plib_project | plib | >= 0 < 1.8.5-6 | 1.8.5-6 |
| steve_j_baker | plib | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
vendor_debian · 6.8 LOW
Debian
CVE-2012-4552: plib - Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1...
vendor_debian·2012·CVSS 6.8
CVE-2012-4552 [MEDIUM] CVE-2012-4552: plib - Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1...
Scope: local
bookworm: resolved (fixed in 1.8.5-6)
bullseye: resolved (fixed in 1.8.5-6)
forky: resolved (fixed in 1.8.5-6)
sid: resolved (fixed in 1.8.5-6)
trixie: resolved (fixed in 1.8.5-6)
GHSA
GHSA-qf24-m9p7-6g9v: Stack-based buffer overflow in the error function in ssg/ssgParser
ghsa_unreviewed·2022-05-17
CVE-2012-4552 [MEDIUM] CWE-119 GHSA-qf24-m9p7-6g9v: Stack-based buffer overflow in the error function in ssg/ssgParser
OSV
CVE-2012-4552: Stack-based buffer overflow in the error function in ssg/ssgParser
osv·2012-11-18·CVSS 6.8
CVE-2012-4552 [MEDIUM] CVE-2012-4552: Stack-based buffer overflow in the error function in ssg/ssgParser
No detection rules found.
Bugzilla
CVE-2012-4552 plib: stack-based buffer overflow in the error function in ssg/ssgParser.cxx
bugzilla·2012-10-29·CVSS 6.8
CVE-2012-4552 [MEDIUM] CVE-2012-4552 plib: stack-based buffer overflow in the error function in ssg/ssgParser.cxx
A stack-based buffer overflow flaw was reported [1] in how plib handles errors when loading 3d model files as X (Direct X), ASC, ASE, ATG, and OFF. The description of the flaw follows:
Vulnerability Details: Plib is prone to a stack-based buffer overflow in the error function in ssg/ssgParser.cxx when it loads 3d model files as X (Direct X), ASC, ASE, ATG, and OFF, if a very long error message is passed to the function, in line 68:

```cpp
// Output an error
void _ssgParser::error( const char *format, ... )
{
  char msgbuff[ 255 ];
  va_list argp;

  char* msgptr = msgbuff;
  if (linenum)
  {
    msgptr += sprintf ( msgptr,"%s, line %d: ",
      path, linenum );
  }
  va_start( argp, format );
  /* line 68 */ vsprintf( msgptr, format, argp )
```
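One way to bound the formatting that the report above describes, written in C as an added example; it is not PLIB's code or any distribution's patch. The function name `format_parse_error`, the helper `demo_long_token`, the file name `model.ase` and the message text are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_CAP 255 /* same size as msgbuff in the report */

/* Hypothetical bounded formatter (names are assumptions, not PLIB code).
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_parse_error(char *out, size_t cap, const char *path,
                       int linenum, const char *format, ...)
{
    size_t used = 0;
    va_list argp;
    int n;

    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    if (linenum) {
        /* The prefix needs a bound too: path comes from the caller. */
        n = snprintf(out, cap, "%s, line %d: ", path, linenum);
        if (n < 0)
            return -1;
        if ((size_t)n >= cap)
            return 1; /* prefix alone filled the buffer */
        used = (size_t)n;
    }
    va_start(argp, format);
    /* Writes at most cap - used bytes including the NUL; the return
     * value is the length the full message would have needed. */
    n = vsnprintf(out + used, cap - used, format, argp);
    va_end(argp);
    if (n < 0)
        return -1;
    return (size_t)n >= cap - used;
}

/* Constructed input: an oversized token such as a long string in a
 * model file would yield. Returns the stored message length. */
size_t demo_long_token(int *truncated)
{
    char token[1024];
    char msg[MSG_CAP];
    memset(token, 'A', sizeof token - 1);
    token[sizeof token - 1] = '\0';
    *truncated = format_parse_error(msg, sizeof msg, "model.ase", 12,
                                    "unexpected token \"%s\"", token);
    return strlen(msg);
}
```

Both writes are sized against the space left in the buffer, so an oversized message is cut at 254 characters plus the terminator and the caller is told it was truncated.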
Bugzilla
CVE-2012-4552 plib: stack-based buffer overflow in the error function in ssg/ssgParser.cxx [fedora-all]
bugzilla·2012-10-29·CVSS 6.8
CVE-2012-4552 [MEDIUM] CVE-2012-4552 plib: stack-based buffer overflow in the error function in ssg/ssgParser.cxx [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Bugzilla
CVE-2012-3417 quota: incorrect use of tcp_wrappers
bugzilla·2010-02-19·CVSS 7.5
CVE-2012-3417 [HIGH] CVE-2012-3417 quota: incorrect use of tcp_wrappers
quota's good_client() (quota-tools/rquota_svc.c) seems to be based on good_client() used by nfs-utils and portmap and is affected by similar problems as described here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4552#c8
With certain hosts.{allow,deny} rules, expected host access control restrictions may not be applied correctly. The problem does not affect configurations that have deny:ALL and only allow access for specific hosts / networks.
The issue was reported and fixed upstream:
http://sourceforge.net/tracker/?func=detail&aid=2743481&group_id=18136&atid=118136
http://linuxquota.cvs.sourceforge.net/viewvc/linuxquota/quota-tools/rquota_svc.c#rev1.21
Discussion:
Added CVE as per http://www.openwall.com/lists/oss-security/2
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html
http://secunia.com/advisories/51340
http://www.openwall.com/lists/oss-security/2012/10/29/9
http://www.osvdb.org/87001
https://bugzilla.redhat.com/show_bug.cgi?id=871187