lib3ds: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory
||GLSA 201405-23 / lib3ds
||May 18, 2014
||May 18, 2014: 1
All supported architectures
A vulnerability in lib3ds might allow a remote attacker to execute
lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files.
An array index error has been discovered in lib3ds.
A remote attacker could entice a user to open a specially crafted 3DS
file using an application linked against lib3ds, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.
There is no known workaround at this time.
All lib3ds users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/lib3ds-2.0.0_rc1"
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.