oss-security - CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow

Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Mon, 29 Oct 2012 14:02:58 -0500
From: Andrés Gómez Ramírez <andresgomezram7@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow

Sorry for the previous message, it was not intentional :)

Hi, Could a CVE be assigned to this issue?

Name: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Software: PLIB 1.8.5
Software link: http://plib.sourceforge.net/
Vulnerability Type: Stack Based Buffer overflow
References: http://www.exploit-db.com/exploits/21831/
                   http://www.securityfocus.com/bid/55839

Vulnerability Details: Plib is prone to stack based Buffer overflow in the
error function in ssg/ssgParser.cxx when it loads 3d model files as X
(Direct x), ASC, ASE, ATG, and OFF, if a very long error message is passed
to the function, in line 68:


// Output an error
void _ssgParser::error( const char *format, ... )
{
  char msgbuff[ 255 ];
  va_list argp;

  char* msgptr = msgbuff;
  if (linenum)
  {
    msgptr += sprintf ( msgptr,"%s, line %d: ",
      path, linenum );
  }

  va_start( argp, format );
68        vsprintf( msgptr, format, argp );
  va_end( argp );

  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
}

Thanks,

Andres Gomez.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.