CVE-2012-4552

NameCVE-2012-4552
DescriptionStack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs694810

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
plib (PTS)buster1.8.5-8+deb10u1fixed
bullseye1.8.5-8+deb11u1fixed
trixie, bookworm1.8.5-14fixed
sid1.8.5-14.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
plibsource(unstable)1.8.5-6low694810

Notes

[squeeze] - plib <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems