Lucene search

Gentoo FoundationGLSA-200703-07

HistoryMar 06, 2007 - 12:00 a.m.

STLport: Possible remote execution of arbitrary code

2007-03-0600:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.061

Percentile

93.5%

JSON

Background

STLport is a multi-platform C++ Standard Library implementation.

Description

Two buffer overflows have been discovered, one in “print floats” and one in the rope constructor.

Impact

Both of the buffer overflows could result in the remote execution of arbitrary code. Please note that the exploitability of the vulnerabilities depends on how the library is used by other software programs.

Workaround

There is no known workaround at this time.

Resolution

All STLport users should upgrade to the latest version.

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=dev-libs/STLport-5.0.3"

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/stlport< 5.0.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	dev-libs/stlport	< 5.0.3	UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.061

Percentile

93.5%

JSON

Related for GLSA-200703-07