Chat on our Discord Server
Get the latest version: 3.1Source Code
| Anonymous | Login | Signup for a new account | 2024-04-19 04:56 UTC |  |
| My View | View Issues | Change Log | Roadmap | Zandronum Issue Support Ranking | Rules | My Account |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0002961 | Zandronum | [All Projects] Bug | public | 2016-12-16 16:17 | 2018-09-30 21:48 | ||||
| Reporter | Balrog | ||||||||
| Assigned To | Torr Samaho | ||||||||
| Priority | high | Severity | exploit | Reproducibility | have not tried | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 2.1 | ||||||||
| Target Version | 3.0 | Fixed in Version | 3.0 | ||||||
| Summary | 0002961: Code execution vulnerability in Game_Music_Emu | ||||||||
| Description | 'http://forum.zdoom.org/viewtopic.php?f=7&t=54613 [^]' The tl;dr is that Game_Music_Emu has a couple bugs in it that can enable arbitrary code execution by playing a malformed SPC file. The fix is trivial, and already pushed to ZDoom git, but I'm still reporting it here because it's a security bug and fixing it requires rebuilding with an updated libgme if it's statically linked. | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
 (0016541)Torr Samaho (administrator) 2016-12-22 19:49 |
I backported the ZDoom patch. |
 (0016951)Ru5tK1ng (updater) 2017-03-06 05:47 |
I'm not sure this can be tested unless someone tries to fiddle with a 'dirty' SPC file. I'd say this is safe to close unless someone feels otherwise. |
|
Notes |
|
This issue is already marked as resolved. If you feel that is not the case, please reopen it and explain why. |
|
| Supporters: | No one explicitly supports this issue yet. |
| Opponents: | No one explicitly opposes this issue yet. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2016-12-16 16:17 | Balrog | New Issue | |
| 2016-12-22 19:49 | Torr Samaho | Note Added: 0016541 | |
| 2016-12-22 19:49 | Torr Samaho | Product Version | => 2.1 |
| 2016-12-22 19:49 | Torr Samaho | Target Version | => 3.0 |
| 2016-12-22 19:49 | Torr Samaho | Assigned To | => Torr Samaho |
| 2016-12-22 19:49 | Torr Samaho | Status | new => needs testing |
| 2017-03-06 05:47 | Ru5tK1ng | Note Added: 0016951 | |
| 2017-03-06 05:47 | Ru5tK1ng | Status | needs testing => resolved |
| 2017-03-06 05:47 | Ru5tK1ng | Resolution | open => fixed |
| 2017-03-06 05:47 | Ru5tK1ng | Fixed in Version | => 3.0 |
| 2018-09-30 21:48 | Blzut3 | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2024 MantisBT Team |
 |
ZDoom
Doom Wiki
id Software
Doomworld
Odamex
Doomseeker
Internet Doom Explorer
The Sentinel's Playground Servers