CVE-2012-2090

Name of the Vulnerable Software and Affected Versions FlightGear versions 2.6 and earlier SimGear versions 2.6 and earlier

Description The issue allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model. This affects files such as fgfs/flightgear/src/Cockpit/panel.cxx, fgfs/flightgear/src/Network/generic.cxx, or simgear/simgear/scene/model/SGText.cxx in scene graph models.

Recommendations For FlightGear versions 2.6 and earlier, consider updating to a version later than 2.6 to resolve the issue. For SimGear versions 2.6 and earlier, consider updating to a version later than 2.6 to resolve the issue. As a temporary workaround, consider restricting the use of format string specifiers in aircraft xml models to minimize the risk of exploitation.