oss-sec mailing list archives
CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 15 Dec 2016 06:33:48 +0100
Hi As reported by Chris Evans via http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html Incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Debian released a DSA for this issue (in the qemu-music-emu source package): https://lists.debian.org/debian-security-announce/2016/msg00318.html Could you please assign a CVE for this issue. Regards, Salvatore
Current thread:
- CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file cve-assign (Dec 15)