Anonymous | Login | Signup for a new account | 2024-04-20 09:36 UTC |
My View | View Issues | Change Log | Roadmap | Zandronum Issue Support Ranking | Rules | My Account |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0002961 | Zandronum | [All Projects] Bug | public | 2016-12-16 16:17 | 2018-09-30 21:48 | ||||
Reporter | Balrog | ||||||||
Assigned To | Torr Samaho | ||||||||
Priority | high | Severity | exploit | Reproducibility | have not tried | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 2.1 | ||||||||
Target Version | 3.0 | Fixed in Version | 3.0 | ||||||
Summary | 0002961: Code execution vulnerability in Game_Music_Emu | ||||||||
Description | 'http://forum.zdoom.org/viewtopic.php?f=7&t=54613 [^]' The tl;dr is that Game_Music_Emu has a couple bugs in it that can enable arbitrary code execution by playing a malformed SPC file. The fix is trivial, and already pushed to ZDoom git, but I'm still reporting it here because it's a security bug and fixing it requires rebuilding with an updated libgme if it's statically linked. | ||||||||
Attached Files | |||||||||
Notes | |
(0016541) Torr Samaho (administrator) 2016-12-22 19:49 |
I backported the ZDoom patch. |
(0016951) Ru5tK1ng (updater) 2017-03-06 05:47 |
I'm not sure this can be tested unless someone tries to fiddle with a 'dirty' SPC file. I'd say this is safe to close unless someone feels otherwise. |
This issue is already marked as resolved. If you feel that is not the case, please reopen it and explain why. |
|
Supporters: | No one explicitly supports this issue yet. |
Opponents: | No one explicitly opposes this issue yet. |
Issue History | |||
Date Modified | Username | Field | Change |
2016-12-16 16:17 | Balrog | New Issue | |
2016-12-22 19:49 | Torr Samaho | Note Added: 0016541 | |
2016-12-22 19:49 | Torr Samaho | Product Version | => 2.1 |
2016-12-22 19:49 | Torr Samaho | Target Version | => 3.0 |
2016-12-22 19:49 | Torr Samaho | Assigned To | => Torr Samaho |
2016-12-22 19:49 | Torr Samaho | Status | new => needs testing |
2017-03-06 05:47 | Ru5tK1ng | Note Added: 0016951 | |
2017-03-06 05:47 | Ru5tK1ng | Status | needs testing => resolved |
2017-03-06 05:47 | Ru5tK1ng | Resolution | open => fixed |
2017-03-06 05:47 | Ru5tK1ng | Fixed in Version | => 3.0 |
2018-09-30 21:48 | Blzut3 | Status | resolved => closed |
Copyright © 2000 - 2024 MantisBT Team |