Mesa "validate_uniform_parameters()" Buffer Overflow

by Carol~ Moderator - 12/5/12 11:59 AM

In Reply to: VULNERABILITIES / FIXES - December 05, 2012 by Carol~ Moderator

Mesa "validate_uniform_parameters()" Buffer Overflow Vulnerability

Release Date: 2012-12-05

Criticality level: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

Software: Mesa 8.x

A vulnerability has been reported in Mesa, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error within the "validate_uniform_parameters()" function (main/uniform_query.cpp) when handling certain uniform values and can be exploited to cause a heap-based buffer overflow.

The vulnerability is reported in versions 8.0.5 and prior.

No official solution is currently available.

Provided and/or discovered by:
Originally reported by miaubiz in Google Chrome.

Original Advisory: