CVE-2012-2090

EPSS 4.5%

Published: 6/17/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-2090

Description

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.

Affected packages (2)

Debian/flightgearfrom 0, < 2.6.0-1.1
Debian/simgearfrom 0, < 2.10.0-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-2090