CVE-2012-2090

描述

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.

受影響套件(2)

• Debian/flightgearfrom 0, < 2.6.0-1.1
• Debian/simgearfrom 0, < 2.10.0-2

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-2090