PLIB: User-assisted execution of arbitrary code — GLSA 201803-13

A vulnerability in PLIB may allow remote attackers to execute arbitrary code.

Affected packages

media-libs/plib on all architectures
Affected versions < 1.8.5-r1
Unaffected versions >= 1.8.5-r1

Background

PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple windowing library, a game scripting language, a GUI, networking, a 3D math library and a collection of handy utility functions.

Description

A stack-based buffer overflow within the error function of ssg/ssgParser.cxx was discovered in PLIB.

Impact

A remote attacker, by enticing a user to open a specially crafted 3D model file, could possibly execute arbitrary code with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All PLIB users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/plib-1.8.5-r1"
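
To confirm whether a host still needs the upgrade, the following added example (not part of the original advisory) classifies a media-libs/plib version string against the fixed version 1.8.5-r1. The function names `ver_lt` and `plib_status` are hypothetical, and the comparison is a simplification of Gentoo version ordering: it handles dotted numeric versions with an optional `-rN` revision and reports any other suffix as `unknown`.

```sh
#!/bin/sh
# Added example, not from the advisory: classify a media-libs/plib version
# against the fixed version stated in GLSA 201803-13.
FIXED_VERSION="1.8.5-r1"

# ver_lt A B: return 0 if A < B, 1 if A >= B, 2 if either cannot be parsed.
ver_lt() {
    for vl_v in "$1" "$2"; do
        printf '%s\n' "$vl_v" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$' || return 2
    done
    # Split each version into its dotted base and its -rN revision (default 0).
    vl_a=${1%-r*}; vl_b=${2%-r*}
    vl_ar=0; vl_br=0
    case $1 in *-r*) vl_ar=${1##*-r} ;; esac
    case $2 in *-r*) vl_br=${2##*-r} ;; esac
    # Compare the dotted components numerically, left to right.
    while [ -n "$vl_a" ] && [ -n "$vl_b" ]; do
        vl_ac=${vl_a%%.*}; vl_bc=${vl_b%%.*}
        [ "$vl_ac" -lt "$vl_bc" ] && return 0
        [ "$vl_ac" -gt "$vl_bc" ] && return 1
        case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a= ;; esac
        case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b= ;; esac
    done
    # The version that runs out of components first is the lower one.
    [ -z "$vl_a" ] && [ -n "$vl_b" ] && return 0
    [ -n "$vl_a" ] && [ -z "$vl_b" ] && return 1
    # Equal bases: the revision decides.
    [ "$vl_ar" -lt "$vl_br" ]
}

# plib_status VERSION: print affected, unaffected or unknown.
plib_status() {
    ps_rc=0
    ver_lt "$1" "$FIXED_VERSION" || ps_rc=$?
    case $ps_rc in
        0) echo affected ;;
        1) echo unaffected ;;
        *) echo unknown ;;
    esac
}

# Constructed sample versions, not taken from any real host.
for sample in 1.8.5 1.8.5-r1 1.8.4-r3 1.8.5_rc1; do
    printf '%-10s %s\n' "$sample" "$(plib_status "$sample")"
done
```

Pass `plib_status` the version string of the installed media-libs/plib package; an `unknown` result means the version needs a manual comparison.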
 

References

Release date
March 26, 2018

Latest revision
March 26, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries