USN-7913-1

Details

It was discovered that the stb library, included in MAME, had a heap-based buffer overflow. An attacker could possibly use this issue to crash the program or execute arbitrary code. (CVE-2018-16981)

It was discovered that the tinyexr library, included in MAME, had a heap- based buffer over-read in the function DecodePixelData. An attacker could possibly use this issue to expose sensitive information or crash the program. (CVE-2022-34300)

It was discovered that the expat library, included in MAME, had an integer-overflow in the function doProlog. An attacker could possibly use this issue to crash the program or execute arbitrary code. (CVE-2021-46143)

Affected Packages

Ubuntu:25.04mame

Fixed in:

0.275+dfsg.1-3ubuntu0.1

Ubuntu:25.10mame

Fixed in:

0.277+dfsg.1-4ubuntu0.1

Ubuntu:Pro:18.04:LTSmame

Fixed in:

0.195+dfsg.1-2ubuntu0.1~esm1

Ubuntu:Pro:20.04:LTSmame

Fixed in:

0.220+dfsg.1-1ubuntu0.1~esm1

Ubuntu:Pro:22.04:LTSmame

Fixed in:

0.242+dfsg.1-1ubuntu0.1~esm1

Ubuntu:Pro:24.04:LTSmame

Fixed in:

0.264+dfsg.1-1ubuntu0.1~esm1

References

REPORThttps://ubuntu.com/security/CVE-2018-16981 REPORThttps://ubuntu.com/security/CVE-2021-46143 REPORThttps://ubuntu.com/security/CVE-2022-34300 ADVISORYhttps://ubuntu.com/security/notices/USN-7913-1

USN-7913-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline