FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

plib -- buffer overflow

Affected packages
plib < 1.8.5_4


VuXML ID 13bf0602-c08a-11e2-bb21-083e8ed0f47b
Discovery 2011-12-21
Entry 2013-05-19

Secunia reports:

A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "ulSetError()" function (src/util/ulError.cxx) when creating the error message, which can be exploited to overflow a static buffer.

Successful exploitation allows the execution of arbitrary code but requires that the attacker can e.g. control the content of an overly long error message passed to the "ulSetError()" function.

The vulnerability is confirmed in version 1.8.5. Other versions may also be affected.

Originally reported in TORCS by Andres Gomez.


CVE Name CVE-2011-4620