CVE-2012-6090
SWI-Prolog < 6.2.4 - Stack-Based Buffer Overflow via Crafted Filename
Title source: llmDescription
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References (4)
Core 4
Core References
Patch x_refsource_confirm
http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/01/03/7
Vendor Advisory mailing-list
x_refsource_mlist
https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=891577
Scores
EPSS
0.0313
EPSS Percentile
86.3%
Details
CWE
CWE-119
Status
published
Products (39)
swi-prolog/swi-prolog
5.6.50
swi-prolog/swi-prolog
5.6.51
swi-prolog/swi-prolog
5.6.52
swi-prolog/swi-prolog
5.6.53
swi-prolog/swi-prolog
5.6.54
swi-prolog/swi-prolog
5.6.55
swi-prolog/swi-prolog
5.6.56
swi-prolog/swi-prolog
5.6.57
swi-prolog/swi-prolog
5.6.58
swi-prolog/swi-prolog
5.6.59
... and 29 more
Published
Jan 04, 2013
Tracked Since
Feb 18, 2026