CVE-2005-1402

Name of the Vulnerable Software and Affected Versions: Mtp-Target version 1.2.2 and earlier NeL library versions prior to the version that fixes the integer signedness error

Description: The issue is caused by an integer signedness error in certain older versions of the NeL library. This error allows remote attackers to cause a denial of service, resulting in memory consumption or server crash, by providing a negative value in a STLport call. The error occurs because the negative value is not caught by a signed comparison.

Recommendations: For Mtp-Target version 1.2.2 and earlier, update to a version that includes the fix for the integer signedness error in the NeL library. For NeL library versions prior to the version that fixes the integer signedness error, update to a version that includes the fix. As a temporary workaround, consider restricting the input values to prevent negative numbers from being passed to the STLport call.