oss-sec mailing list archives
Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 15 Dec 2016 06:38:03 +0100
H, On Thu, Dec 15, 2016 at 06:33:48AM +0100, Salvatore Bonaccorso wrote:
Hi As reported by Chris Evans via http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html Incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Debian released a DSA for this issue (in the qemu-music-emu source package):
There is an obvious typo in the above, not qemu-music-emu, but game-music-emu. Regards, Salvatore
Current thread:
- CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file cve-assign (Dec 15)