MantisBT - Zandronum | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0002961 | Zandronum | [All Projects] Bug | public | 2016-12-16 16:17 | 2018-09-30 21:48 |
| Reporter | Balrog | ||||
| Assigned To | Torr Samaho | ||||
| Priority | high | Severity | exploit | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Platform | OS | OS Version | |||
| Product Version | 2.1 | ||||
| Target Version | 3.0 | Fixed in Version | 3.0 | ||
| Summary | 0002961: Code execution vulnerability in Game_Music_Emu | ||||
| Description | 'http://forum.zdoom.org/viewtopic.php?f=7&t=54613 [^]' The tl;dr is that Game_Music_Emu has a couple bugs in it that can enable arbitrary code execution by playing a malformed SPC file. The fix is trivial, and already pushed to ZDoom git, but I'm still reporting it here because it's a security bug and fixing it requires rebuilding with an updated libgme if it's statically linked. | ||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2016-12-16 16:17 | Balrog | New Issue | |||
| 2016-12-22 19:49 | Torr Samaho | Note Added: 0016541 | |||
| 2016-12-22 19:49 | Torr Samaho | Product Version | => 2.1 | ||
| 2016-12-22 19:49 | Torr Samaho | Target Version | => 3.0 | ||
| 2016-12-22 19:49 | Torr Samaho | Assigned To | => Torr Samaho | ||
| 2016-12-22 19:49 | Torr Samaho | Status | new => needs testing | ||
| 2017-03-06 05:47 | Ru5tK1ng | Note Added: 0016951 | |||
| 2017-03-06 05:47 | Ru5tK1ng | Status | needs testing => resolved | ||
| 2017-03-06 05:47 | Ru5tK1ng | Resolution | open => fixed | ||
| 2017-03-06 05:47 | Ru5tK1ng | Fixed in Version | => 3.0 | ||
| 2018-09-30 21:48 | Blzut3 | Status | resolved => closed | ||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||