
STLport: Possible remote execution of arbitrary code


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200703-07 / STLport
Release Date: March 06, 2007
Latest Revision: March 06, 2007: 01
Impact: normal
Exploitable: remote

Package: dev-libs/STLport
Vulnerable versions: < 5.0.3
Unaffected versions: >= 5.0.3
Architecture(s): All supported architectures

Related bugreports: #165837


Two buffer overflows have been discovered in STLport, possibly leading to the remote execution of arbitrary code.

2.  Impact Information


STLport is a multi-platform C++ Standard Library implementation.


Two buffer overflows have been discovered, one in "print floats" and one in the rope constructor.


Both of the buffer overflows could result in the remote execution of arbitrary code. Please note that the exploitability of the vulnerabilities depends on how the library is used by other software programs.

3.  Resolution Information


There is no known workaround at this time.


All STLport users should upgrade to the latest version.

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/STLport-5.0.3"
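
To confirm the upgrade took effect, the following added example (not part of the original advisory) classifies every installed dev-libs/STLport version against the fixed version 5.0.3. It assumes Portage's installed-package database layout under /var/db/pkg; the function names ver_lt, stlport_status and demo are hypothetical, and the demo tree is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumes Portage's installed-package
# database layout: <root>/var/db/pkg/<category>/<name>-<version>[-rN].
FIXED=5.0.3   # first unaffected version, from the advisory table

# ver_lt A B -> 0 if A < B, 1 if A >= B, 2 if a component is not numeric.
# Revision (-rN) and _suffix parts are ignored; enough for a "< 5.0.3" test.
ver_lt() {
    a=${1%%[-_]*}; b=${2%%[-_]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        case $x$y in *[!0-9]*) return 2 ;; esac
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# stlport_status ROOT: print one status line per installed STLport version.
stlport_status() {
    dir="${1%/}/var/db/pkg/dev-libs"
    found=0
    for p in "$dir"/STLport-[0-9]*; do
        [ -d "$p" ] || continue
        found=1
        v=${p##*/STLport-}
        rc=0; ver_lt "$v" "$FIXED" || rc=$?
        case $rc in
            0) echo "VULNERABLE dev-libs/STLport-$v" ;;
            1) echo "OK dev-libs/STLport-$v" ;;
            *) echo "UNKNOWN dev-libs/STLport-$v" ;;
        esac
    done
    if [ "$found" -eq 0 ]; then echo "NOT-INSTALLED dev-libs/STLport"; fi
}

# Demo on a constructed package database (sample data, not a real system).
demo() {
    t=$(mktemp -d) && mkdir -p "$t/var/db/pkg/dev-libs/STLport-5.0.2-r1" \
        "$t/var/db/pkg/dev-libs/STLport-5.1.0"
    stlport_status "$t"; rm -rf "$t"
}
if [ $# -gt 0 ]; then stlport_status "$1"; else demo; fi
```

Pass / as the argument to check the running system, or the mount point of another root to check a chroot or image.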

4.  References


Page updated March 06, 2007

Summary: This is a Gentoo Linux Security Advisory
