Lucene search

[email protected]CVE-2012-4552

HistoryNov 18, 2012 - 11:55 p.m.

CVE-2012-4552

2012-11-1823:55:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-4552

buffer overflow

plib 1.8.5

remote code execution

3d model file

ssgparser

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.177 Low

EPSS

Percentile

96.2%

JSON

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.

Affected configurations

NVD

Node

steve_j_bakerplibMatch1.8.5

CPENameOperatorVersion
steve_j_baker:plibsteve j baker plibeq1.8.5

CPE	Name	Operator	Version
steve_j_baker:plib	steve j baker plib	eq	1.8.5

References

lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html

lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html

secunia.com/advisories/51340

www.openwall.com/lists/oss-security/2012/10/29/9

www.osvdb.org/87001

bugzilla.redhat.com/show_bug.cgi?id=871187

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.177 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2012-4552

nessus6 fedora3 cvelist1 openvas6 freebsd1 gentoo1 ubuntucve1 debiancve1 prion1 nvd1 suse2