CVE-2004-1265

Experiment Environment

Ubuntu 14.04 & Ubuntu 11.04

INSTALL & Configuration

wget https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1265/convex3d-0.8pre1.tar.bz2
tar -xvf convex3d-0.8pre1.tar.bz2
cd convex3d-0.8pre1
./configure --with-opengl=no --with-x=no --with-gtkgui=no
make

Problems in Installation & Configuration

How to trigger vulnerability

./convex-tool/convex-tool -i 7.3ds -o 7.obj 

PoCs

Convex 3D 0.8pre1 readObjectChunk overflows objectname buffer

Convex 3D 0.8 - Buffer Overflow

Convex 3D Buffer Overflow in readObjectChunk

Convex 3D Buffer Overflow Vulnerability

Vulnerability Details & Patch

Root Cause

In 3dsimp.cpp, readObjectChunk() calls readName() to read any number of bytes into a 256-byte objectname buffer.
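The fix this root cause calls for is a length-checked name read. The sketch below is an added example, not code from Convex 3D or its patch: the `reader` struct, `read_name_bounded` and `try_name` are hypothetical names, the input is constructed, and only the 256-byte buffer size comes from the description above.

```c
#include <stdio.h>
#include <string.h>

#define OBJECTNAME_SIZE 256   /* buffer size stated in the root cause */

/* Hypothetical in-memory stand-in for the 3DS file stream. */
struct reader { const unsigned char *data; size_t len, pos; };

/* Copy a NUL-terminated name into dst, never writing past dst_size bytes.
 * Returns the name length, or -1 if the name does not fit or the input
 * ends before the terminator; dst is left as an empty string on failure. */
int read_name_bounded(struct reader *r, char *dst, size_t dst_size)
{
    size_t n = 0;
    if (dst_size == 0) return -1;
    while (r->pos < r->len) {
        unsigned char c = r->data[r->pos++];
        if (c == '\0') { dst[n] = '\0'; return (int)n; }
        if (n + 1 >= dst_size) break;      /* no room for c plus the NUL */
        dst[n++] = (char)c;
    }
    dst[0] = '\0';
    return -1;
}

/* Constructed sample: name_len 'A' bytes, optionally NUL-terminated.
 * Returns the reader's result, or -2 if the guard word after the buffer
 * changed (which would mean an out-of-bounds write). */
int try_name(size_t name_len, int terminated)
{
    unsigned char input[1024];
    struct { char objectname[OBJECTNAME_SIZE]; unsigned guard; } f = { {0}, 0xC0FFEEu };
    struct reader r = { input, 0, 0 };
    if (name_len + 1 > sizeof input) return -3;
    memset(input, 'A', name_len);
    if (terminated) input[name_len] = '\0';
    r.len = name_len + (terminated ? 1 : 0);
    int rc = read_name_bounded(&r, f.objectname, sizeof f.objectname);
    return f.guard == 0xC0FFEEu ? rc : -2;
}

int main(void)
{
    printf("255-byte name: %d\n", try_name(255, 1));   /* fits exactly */
    printf("256-byte name: %d\n", try_name(256, 1));   /* rejected */
    printf("300 bytes, no NUL: %d\n", try_name(300, 0));
    return 0;
}
```

A parser using this pattern should treat the -1 return as a malformed file and stop processing the chunk rather than continue with a truncated name.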

Stack Trace

References