CVE-2012-2090
EPSS 4.5%
Description
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.
How to fix CVE-2012-2090
To remediate CVE-2012-2090, upgrade the affected package to a fixed version below.
- Debian/flightgear—upgrade to 2.6.0-1.1 or later
- Debian/simgear—upgrade to 2.10.0-2 or later
Is CVE-2012-2090 being exploited?
Low — EPSS is 4.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.6.0-1.1
- from 0, < 2.10.0-2