Vulnerability Details : CVE-2012-4552
Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-4552
Probability of exploitation activity in the next 30 days: 19.01%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-4552
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-4552
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4552
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html
[SECURITY] Fedora 18 Update: plib-1.8.5-8.fc18
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html
[SECURITY] Fedora 17 Update: plib-1.8.5-8.fc17
-
http://www.openwall.com/lists/oss-security/2012/10/29/9
oss-security - Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
-
https://bugzilla.redhat.com/show_bug.cgi?id=871187
871187 – (CVE-2012-4552) CVE-2012-4552 plib: stack-based buffer overflow in the error function in ssg/ssgParser.cxx
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html
[security-announce] openSUSE-SU-2012:1506-1: important: update for plib
-
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html
[security-announce] openSUSE-SU-2013:0146-1: important: update for plib
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html
[SECURITY] Fedora 16 Update: plib-1.8.5-8.fc16
Products affected by CVE-2012-4552
- cpe:2.3:a:steve_j_baker:plib:1.8.5:*:*:*:*:*:*:*