| Bug ID | 1015941 |
|---|---|
| Summary | VUL-0: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
References:[1] http://seclists.org/oss-sec/2016/q4/682 ========================================================= [1]: Hi As reported by Chris Evans via http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html Incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Debian released a DSA for this issue (in the qemu-music-emu source package): https://lists.debian.org/debian-security-announce/2016/msg00318.html Could you please assign a CVE for this issue. Regards, Salvatore ========================================================= [2] Vuln Description with Patch: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html Assigned CVEs: [3] http://seclists.org/oss-sec/2016/q4/692 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961