Bug ID | 1015941 |
---|---|
Summary | VUL-0: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | mikhail.kasimov@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
References:[1] http://seclists.org/oss-sec/2016/q4/682 ========================================================= [1]: Hi As reported by Chris Evans via http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html Incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Debian released a DSA for this issue (in the qemu-music-emu source package): https://lists.debian.org/debian-security-announce/2016/msg00318.html Could you please assign a CVE for this issue. Regards, Salvatore ========================================================= [2] Vuln Description with Patch: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html Assigned CVEs: [3] http://seclists.org/oss-sec/2016/q4/692 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961