[原文]Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname.
Sparklet agl_text.cpp Multiple Function Format String
Remote / Network Access,
Local / Remote,
Loss of Integrity
A vulnerability has been identified in Sparklet. This flaw is due to a format string error in the 'WriteText()' and 'allegro_gl_printf_ex()' functions when handling user-supplied input (e.g. nickname), which could be exploited by remote attackers to crash or compromise a vulnerable client via a malicious nickname.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.