Gentoo FoundationGLSA-200903-10Irrlicht: User-assisted execution of arbitrary code
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.029 Low
EPSS
Percentile
90.8%
Background
The Irrlicht Engine is an open source cross-platform high performance realtime 3D engine written in C++.
Description
An unspecified component of the B3D loader is vulnerable to a buffer overflow due to missing boundary checks.
Impact
A remote attacker could entice a user to open a specially crafted .irr file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service (crash).
Workaround
There is no known workaround at this time.
Resolution
All irrlicht users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-games/irrlicht-1.5"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-games/irrlicht | <Β 1.5 | UNKNOWN |
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.029 Low
EPSS
Percentile
90.8%