CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.2%
PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions.
A stack-based buffer overflow within the error function of ssg/ssgParser.cxx was discovered in PLIB.
A remote attacker, by enticing a user to open a specially crafted 3d model file, could possibly execute arbitrary code with the privileges of the process.
There is no known workaround at this time.
All PLIB users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/plib-1.8.5-r1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-libs/plib | < 1.8.5-r1 | UNKNOWN |