oss-sec mailing list archives

Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file

From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 15 Dec 2016 06:38:03 +0100

H,

On Thu, Dec 15, 2016 at 06:33:48AM +0100, Salvatore Bonaccorso wrote:

Hi

As reported by Chris Evans via

http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

Incorrect emulation of the SPC700 audio co-processor of the Super
Nintendo Entertainment System allows the execution of arbitrary code
if a malformed SPC music file is opened.

Debian released a DSA for this issue (in the qemu-music-emu source
package):


There is an obvious typo in the above, not qemu-music-emu, but
game-music-emu.

Regards,
Salvatore

Current thread:

CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file cve-assign (Dec 15)