|Anonymous | Login | Signup for a new account||2017-04-27 11:07 UTC|
|My View | View Issues | Change Log | Roadmap | Zandronum Issue Support Ranking | Rules | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002961||Zandronum||[All Projects] Bug||public||2016-12-16 16:17||2017-03-06 05:47|
|Assigned To||Torr Samaho|
|Priority||high||Severity||exploit||Reproducibility||have not tried|
|Target Version||3.0||Fixed in Version||3.0|
|Summary||0002961: Code execution vulnerability in Game_Music_Emu|
The tl;dr is that Game_Music_Emu has a couple bugs in it that can enable arbitrary code execution by playing a malformed SPC file. The fix is trivial, and already pushed to ZDoom git, but I'm still reporting it here because it's a security bug and fixing it requires rebuilding with an updated libgme if it's statically linked.
Torr Samaho (administrator)
|I backported the ZDoom patch.|
|I'm not sure this can be tested unless someone tries to fiddle with a 'dirty' SPC file. I'd say this is safe to close unless someone feels otherwise.|
This issue is already marked as resolved.
If you feel that is not the case, please reopen it and explain why.
|Supporters:||No one explicitly supports this issue yet.|
|Opponents:||No one explicitly opposes this issue yet.|
|2016-12-16 16:17||Balrog||New Issue|
|2016-12-22 19:49||Torr Samaho||Note Added: 0016541|
|2016-12-22 19:49||Torr Samaho||Product Version||=> 2.1|
|2016-12-22 19:49||Torr Samaho||Target Version||=> 3.0|
|2016-12-22 19:49||Torr Samaho||Assigned To||=> Torr Samaho|
|2016-12-22 19:49||Torr Samaho||Status||new => needs testing|
|2017-03-06 05:47||Ru5tK1ng||Note Added: 0016951|
|2017-03-06 05:47||Ru5tK1ng||Status||needs testing => resolved|
|2017-03-06 05:47||Ru5tK1ng||Resolution||open => fixed|
|2017-03-06 05:47||Ru5tK1ng||Fixed in Version||=> 3.0|
Questions or other issues? Contact Us.
|Copyright © 2000 - 2017 MantisBT Team|