ID CVE-2016-9959
Summary game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
References
Vulnerable Configurations
  • openSUSE Leap 42.2
    cpe:2.3:o:opensuse:leap:42.2
  • OpenSUSE 12.1
    cpe:2.3:o:opensuse:opensuse:12.1
  • cpe:2.3:o:opensuse_project:leap:42.1
    cpe:2.3:o:opensuse_project:leap:42.1
  • SUSE Linux Enterprise 12.0
    cpe:2.3:o:suse:linux_enterprise:12.0
  • SUSE Linux Enterprise Desktop 12
    cpe:2.3:o:suse:linux_enterprise_desktop:12
  • SUSE Linux Enterprise Software Development Kit (SDK) 12
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12
  • SUSE Linux Enterprise Workstation Extension 12
    cpe:2.3:o:suse:linux_enterprise_workstation_extension:12
  • SUSE Linux Enterprise Server (SLES) 12
    cpe:2.3:o:suse:suse_linux_enterprise_server:12
  • cpe:2.3:a:game-music-emu_project:game-music-emu:0.6.0
    cpe:2.3:a:game-music-emu_project:game-music-emu:0.6.0
CVSS
Base: 6.8 (as of 19-04-2017 - 10:23)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-FBF9F8B204.NASL
    description Security fix for CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 95948
    published 2016-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95948
    title Fedora 25 : game-music-emu (2016-fbf9f8b204)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-3D771A1702.NASL
    description Security fix for console video game music emu vulnerability in the fully optional audacious-plugins-exotic subpackage: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 96735
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96735
    title Fedora 24 : audacious-plugins (2017-3d771a1702)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-5BF9A268DF.NASL
    description Update from 3.8.1 to 3.8.2. Also fixes console video game music emu vulnerability in the fully optional audacious-plugins-exotic subpackage: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 96736
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96736
    title Fedora 25 : audacious / audacious-plugins (2017-5bf9a268df)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-04383482B4.NASL
    description Security fix for CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 96196
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96196
    title Fedora 24 : game-music-emu (2016-04383482b4)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-750.NASL
    description Chris Evans found several issues in the emulation code in game-music-emu that could lead to arbitrary code execution. For Debian 7 'Wheezy', these problems have been fixed in version 0.5.5-2+deb7u1. We recommend that you upgrade your game-music-emu packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 96011
    published 2016-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96011
    title Debian DLA-750-1 : game-music-emu security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3250-1.NASL
    description This update for libgme fixes the following issues : - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. [bsc#1015941] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96135
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96135
    title SUSE SLED12 / SLES12 Security Update : libgme (SUSE-SU-2016:3250-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-13.NASL
    description This update for libgme fixes the following issues : - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. [bsc#1015941] This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 96295
    published 2017-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96295
    title openSUSE Security Update : libgme (openSUSE-2017-13)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201707-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201707-02 (Game Music Emu: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Game Music Emu. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted SPC music file, using Game Music Emu or an application linked against the Game Music Emu library, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101333
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101333
    title GLSA-201707-02 : Game Music Emu: Multiple vulnerabilities
refmap via4
bid 95305
confirm https://bitbucket.org/mpyne/game-music-emu/wiki/Home
fedora
  • FEDORA-2016-04383482b4
  • FEDORA-2016-fbf9f8b204
  • FEDORA-2017-3d771a1702
  • FEDORA-2017-5bf9a268df
gentoo GLSA-201707-02
misc https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html
mlist [oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file
suse
  • SUSE-SA:2016:3250
  • openSUSE-SA:2017:0022
Last major update 20-04-2017 - 08:26
Published 12-04-2017 - 16:59
Last modified 30-10-2018 - 12:27