{"id":"MGASA-2020-0193","summary":"Updated dolphin-emu packages fix security vulnerability","details":"Updated dolphin-emu package fixes security vulnerabilities\n\nDolphin Emulator includes a modified copy of the SoundTouch library at\nversion 1.9.2. That version is subject to the following security issues:\n\n- The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp\n  in SoundTouch 1.9.2 allows remote attackers to cause a denial of service\n  (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258)\n\n- The TDStretch::acceptNewOverlapLength function in source/SoundTouch/\n  TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a\n  denial of service (memory allocation error and application crash) via a\n  crafted wav file (CVE-2017-9259).\n\n- The TDStretchSSE::calcCrossCorr function in source/SoundTouch/\n  sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a\n  denial of service (heap-based buffer over-read and application crash) via\n  a crafted wav file (CVE-2017-9260).\n\n- Reachable assertion in RateTransposer::setChannels() causing denial of\n  service (CVE-2018-14044).\n\n- Reachable assertion in FIRFilter.cpp causing denial of service\n  (CVE-2018-14045).\n\n- Assertion failure in BPMDetect class in BPMDetect.cpp (CVE-2018-17096).\n\n- Out-of-bounds heap write in WavOutFile::write() (CVE-2018-17097).\n\n- Heap corruption in WavFileBase class in WavFile.cpp (CVE-2018-17098).\n\n- Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile\n  ::readHeaderBlock() potentially leading to code execution\n  (CVE-2018-1000223).\n\nThe bundled copy of SoundTouch was updated to version 2.1.2, thereby solving\ntheses issues in Dolphin Emulator.\n","modified":"2026-02-04T03:41:55.666065Z","published":"2020-05-05T12:20:37Z","related":["CVE-2017-9258","CVE-2017-9259","CVE-2017-9260","CVE-2018-1000223","CVE-2018-14044","CVE-2018-14045","CVE-2018-17096","CVE-2018-17097","CVE-2018-17098"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0193.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26555"},{"type":"REPORT","url":"http://advisories.mageia.org/MGASA-2018-0331.html"},{"type":"REPORT","url":"http://advisories.mageia.org/MGASA-2018-0385.html"},{"type":"REPORT","url":"http://advisories.mageia.org/MGASA-2018-0462.html"},{"type":"REPORT","url":"https://github.com/dolphin-emu/dolphin/pull/8725"}],"affected":[{"package":{"name":"dolphin-emu","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/dolphin-emu?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.11824-1.mga7.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0193.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}