Lucene search

RedhatCVE-2012-4552

HistoryNov 18, 2012 - 11:55 p.m.

CVE-2012-4552

2012-11-1823:55:01

CWE-119

redhat

web.nvd.nist.gov

cve-2012-4552

buffer overflow

plib 1.8.5

remote code execution

3d model file

ssgparser

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.177

Percentile

96.2%

JSON

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.

Affected configurations

Nvd

Node

steve_j_bakerplibMatch1.8.5

VendorProductVersionCPE
steve_j_bakerplib1.8.5cpe:2.3:a:steve_j_baker:plib:1.8.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
steve_j_baker	plib	1.8.5	cpe:2.3:a:steve_j_baker:plib:1.8.5:::::::*

References

lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html

lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html

secunia.com/advisories/51340

www.openwall.com/lists/oss-security/2012/10/29/9

www.osvdb.org/87001

bugzilla.redhat.com/show_bug.cgi?id=871187

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.177

Percentile

96.2%

JSON

Related for CVE-2012-4552