Irrlicht: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory
||GLSA 200903-10 / irrlicht
||March 07, 2009
||March 07, 2009: 01
All supported architectures
A buffer overflow might lead to the execution of arbitrary code or a Denial
The Irrlicht Engine is an open source cross-platform high performance
realtime 3D engine written in C++.
An unspecified component of the B3D loader is vulnerable to a buffer
overflow due to missing boundary checks.
A remote attacker could entice a user to open a specially crafted .irr
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service
There is no known workaround at this time.
All irrlicht users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-games/irrlicht-1.5"