FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
13bf0602-c08a-11e2-bb21-083e8ed0f47bplib -- buffer overflow

Secunia reports:

A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "ulSetError()" function (src/util/ulError.cxx) when creating the error message, which can be exploited to overflow a static buffer.

Successful exploitation allows the execution of arbitrary code but requires that the attacker can e.g. control the content of an overly long error message passed to the "ulSetError()" function.

The vulnerability is confirmed in version 1.8.5. Other versions may also be affected.

Originally reported in TORCS by Andres Gomez.


Discovery 2011-12-21
Entry 2013-05-19
plib
< 1.8.5_4

CVE-2011-4620
http://openwall.com/lists/oss-security/2011/12/21/2
c72a2494-c08b-11e2-bb21-083e8ed0f47bplib -- stack-based buffer overflow

CVE reports:

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.


Discovery 2012-10-09
Entry 2013-05-19
plib
< 1.8.5_4

55839
CVE-2012-4552
http://www.openwall.com/lists/oss-security/2012/10/29/8
ba51c2f7-5b43-11e1-8288-00262d5ed8eeplib -- remote code execution via buffer overflow

Secunia reports:

A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a boundary error within the "ulSetError()" function (src/util/ulError.cxx) when creating the error message, which can be exploited to overflow a static buffer.

Successful exploitation allows the execution of arbitrary code but requires that the attacker can e.g. control the content of an overly long error message passed to the "ulSetError()" function.

The vulnerability is confirmed in version 1.8.5. Other versions may also be affected.


Discovery 2011-12-21
Entry 2012-02-19
torcs
< 1.3.3

plib
le 1.8.5_3

CVE-2011-4620
http://secunia.com/advisories/47297/
http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79