Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/22423 | patch vendor advisory vdb entry third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32244 | vdb entry third party advisory |
| http://sourceforge.net/project/shownotes.php?release_id=483468 | not applicable |
| http://secunia.com/advisories/24024 | not applicable third party advisory vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32242 | vdb entry third party advisory |
| http://osvdb.org/33106 | vdb entry broken link |
| http://www.vupen.com/english/advisories/2007/0498 | vdb entry permissions required |
| http://security.gentoo.org/glsa/glsa-200703-07.xml | third party advisory vendor advisory |
| http://osvdb.org/33107 | vdb entry broken link |
| http://secunia.com/advisories/24428 | third party advisory not applicable |