CVE-2012-1189

EUVD-2012-1217
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
bernhard_wymanntorcs
𝑥
≤ 1.3.2
bernhard_wymanntorcs
1.2.3
bernhard_wymanntorcs
1.2.4
bernhard_wymanntorcs
1.3.0
bernhard_wymanntorcs
1.3.1
speed-dreamsspeed_dreams
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
torcs
bookworm
1.3.7+dfsg-5
fixed
bullseye
1.3.7+dfsg-5
fixed
sid
1.3.7+dfsg-5
fixed
squeeze
no-dsa
trixie
1.3.7+dfsg-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
torcs
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
ignored
quantal
not-affected
raring
not-affected
saucy
not-affected
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://freecode.com/projects/torcs/releases/341672
http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79
http://www.exploit-db.com/exploits/18471
http://www.openwall.com/lists/oss-security/2012/02/18/2
http://www.openwall.com/lists/oss-security/2012/03/05/18
http://www.osvdb.org/79372
http://freecode.com/projects/torcs/releases/341672
http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79
http://www.exploit-db.com/exploits/18471
http://www.openwall.com/lists/oss-security/2012/02/18/2
http://www.openwall.com/lists/oss-security/2012/03/05/18
http://www.osvdb.org/79372