PT-2013-1883 · Swi · Swi-Prolog

Jan Lieskovsky

Published: 2013-01-04 · Updated: 2018-03-04 · CVE-2012-6090

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SWI-Prolog versions prior to 6.2.5
SWI-Prolog versions 6.3.x prior to 6.3.7

Description

The issue is multiple stack-based buffer overflows in the expand function in os/pl-glob.c. Remote attackers can exploit it with a crafted filename, potentially causing a denial of service (application crash) or possibly the execution of arbitrary code.

Recommendations

For SWI-Prolog versions prior to 6.2.5, update to version 6.2.5 or later.
For SWI-Prolog versions 6.3.x prior to 6.3.7, update to version 6.3.7 or later.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2018-1360
CVE-2012-6090

Affected Products

Alt Linux
Swi-Prolog