STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
BID:22423
Info
STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
| Bugtraq ID: | 22423 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0803 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Feb 06 2007 12:00AM |
| Updated: | Mar 07 2007 04:55AM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: |
STLport STLport 5.0.2 STLport STLport 5.0.1 STLport STLport 5.0 Gentoo Linux |
| Not Vulnerable: |
STLport STLport 5.0.3 |
Discussion
STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
The STLport library is prone to multiple unspecified buffer-overflow vulnerabilities because the library fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
Exploiting these issues may allow attackers to execute arbitrary machine code in the context of applications that use the library. Depending on the nature of the applications using the library, these issues may be locally or remotely exploited. Failed exploit attempts may crash the affected applications.
STLport versions prior to 5.0.3 are affected by these issues.
The STLport library is prone to multiple unspecified buffer-overflow vulnerabilities because the library fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
Exploiting these issues may allow attackers to execute arbitrary machine code in the context of applications that use the library. Depending on the nature of the applications using the library, these issues may be locally or remotely exploited. Failed exploit attempts may crash the affected applications.
STLport versions prior to 5.0.3 are affected by these issues.
Exploit / POC
STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
Solution:
The vendor has released STLport version 5.0.3 to address these issues.
STLport STLport 5.0.2
Solution:
The vendor has released STLport version 5.0.3 to address these issues.
STLport STLport 5.0.2
-
STLport STLport-5.0.3.tar.gz
http://downloads.sourceforge.net/stlport/STLport-5.0.3.tar.gz?modtime= 1170462488&big_mirror=0
References
STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
References:
References:
- Release Name: STLport 5.0.3 (STLport)
- STLport Home Page (STLport)