CVE-2012-4552

PLIB 1.8.5 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.

Exploits (1)

exploitdb WORKING POC

by Andrés Gómez · clocalwindows

https://www.exploit-db.com/exploits/21831

View Code ZIP pw:eip

References (9)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html

[Third Party Advisory] http://secunia.com/advisories/51340

[Third Party Advisory, VDB Entry] http://www.osvdb.org/87001

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=871187

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html

[Mailing List] http://www.openwall.com/lists/oss-security/2012/10/29/9

Scores

EPSS 0.2210

EPSS Percentile 95.8%

Details

CWE

CWE-119

Status published

Products (1)

steve_j_baker/plib 1.8.5

Published Nov 18, 2012

Tracked Since Feb 18, 2026