https://scarybeastsecurity.blogspot.com ... -snes.html
A fellow by the name of Chris Evans has released a proof-of-concept exploit for vulnerabilities in Game_Music_Emu (what ZDoom uses to play emulated music formats) that allow code execution. The proof of concept is for GStreamer, but the vulnerability just consists of feeding libgme a specially crafted SPC file that triggers a heap overflow and then executes a COP gadget ending in a call to system(). I suspect the vulnerability can be adapted easily to ZDoom on Linux, as it doesn't really matter what calls libgme as long as the poisoned SPC is played. Other platforms would be a bit trickier, but still doable.
While this isn't strictly a ZDoom issue, it would still be a good idea to push new release builds with a patched libgme as outlined in the writeup.
[Game_Music_Emu][Security] Code execution vuln in libgme
Moderator: GZDoom Developers
Forum rules
Please don't bump threads here if you have a problem - it will often be forgotten about if you do. Instead, make a new thread here.
Re: [Game_Music_Emu][Security] Code execution vuln in libgme
Thanks! Since I use the system libgme (using Ubuntu 16.04), I already got the security fix, but since some people may not have received the security update, here's the fix for ZDoom.