PT-2005-2399 · Stlport+2

Luigi Auriemma · Published 2005-05-03 · Updated 2008-09-05 · CVE-2005-1402

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Mtp-Target version 1.2.2 and earlier; NeL library versions prior to the version that fixes the integer signedness error
Description: The issue is caused by an integer signedness error in certain older versions of the NeL library. This error allows remote attackers to cause a denial of service, resulting in memory consumption or server crash, by providing a negative value in a STLport call. The error occurs because the negative value is not caught by a signed comparison.
Recommendations: For Mtp-Target version 1.2.2 and earlier, update to a version that includes the fix for the integer signedness error in the NeL library. For NeL library versions prior to the version that fixes the integer signedness error, update to a version that includes the fix. As a temporary workaround, consider restricting the input values to prevent negative numbers from being passed to the STLport call.
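
The bug class described above, shown as an added illustration that is not NeL, Mtp-Target or STLport code: an upper-bound-only signed comparison lets a negative size through, and the later conversion to an unsigned size turns it into a huge request. The 4-byte little-endian length prefix, `MAX_LEN` and both function names are assumptions made for the example.

```cpp
// Added illustration of an integer signedness error; hypothetical names,
// not taken from NeL, Mtp-Target or STLport.
#include <cstddef>
#include <cstdint>
#include <cstdio>

constexpr int32_t MAX_LEN = 4096;  // assumed per-message limit

// Decode an assumed 4-byte little-endian signed length prefix.
static int32_t read_i32_le(const uint8_t *p) {
    uint32_t v = uint32_t(p[0]) | uint32_t(p[1]) << 8 |
                 uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
    return static_cast<int32_t>(v);
}

// Vulnerable pattern: only the upper bound is checked, with a signed compare.
// A negative length is smaller than MAX_LEN, so it is accepted, and the
// conversion to size_t (what a container resize takes) makes it enormous.
bool parse_len_signed(const uint8_t *msg, std::size_t n, std::size_t &out) {
    if (n < 4) return false;
    int32_t len = read_i32_le(msg);
    if (len > MAX_LEN) return false;
    out = static_cast<std::size_t>(len);
    return true;
}

// Hardened pattern: reject negatives before any conversion to an unsigned size.
bool parse_len_hardened(const uint8_t *msg, std::size_t n, std::size_t &out) {
    if (n < 4) return false;
    int32_t len = read_i32_le(msg);
    if (len < 0 || len > MAX_LEN) return false;
    out = static_cast<std::size_t>(len);
    return true;
}

int main() {
    // Constructed sample prefixes: 16, 4097 and -1.
    const uint8_t samples[3][4] = {
        {0x10, 0x00, 0x00, 0x00}, {0x01, 0x10, 0x00, 0x00},
        {0xFF, 0xFF, 0xFF, 0xFF}};
    for (const auto &s : samples) {
        std::size_t a = 0, b = 0;
        bool va = parse_len_signed(s, 4, a), vb = parse_len_hardened(s, 4, b);
        std::printf("len=%d signed-only: %s size=%zu | hardened: %s\n",
                    int(read_i32_le(s)), va ? "accepted" : "rejected", a,
                    vb ? "accepted" : "rejected");
    }
}
```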


Related Identifiers

CVE-2005-1402

Affected Products

Mtp-Target
Nel Library
Stlport