| Title | JogAmp で使用される JOAL の OpenAL32.dll における任意のコードを実行される脆弱性 |
|---|---|
| Summary | JogAmp で使用される JOAL の OpenAL32.dll には、任意のコードを実行される脆弱性が存在します。 |
| Possible impacts | 攻撃者により、jogamp.openal.ALImpl.dispatch の下記のメソッドの巧妙に細工されたパラメータを介して、任意のコードを実行される可能性があります。 (1) alAuxiliaryEffectSlotf1 (2) alBuffer3f1 (3) alBufferfv1 (4) alDeleteEffects1 (5) alEffectf1 (6) alEffectfv1 (7) alEffectiv1 (8) alEnable1 (9) alFilterfv1 (10) alFilteriv1 (11) alGenAuxiliaryEffectSlots1 (12) alGenEffects1 (13) alGenFilters1 (14) alGenSources1 (15) alGetAuxiliaryEffectSlotiv1 (16) alGetBuffer3f1 (17) alGetBuffer3i1 (18) alGetBufferf1 (19) alGetBufferiv1 (20) alGetDoublev1 (21) alGetEffectf1 (22) alGetEffectfv1 (23) alGetEffectiv1 (24) alGetEnumValue1 (25) alGetFilteri1 (26) alGetFilteriv1 (27) alGetFloat1 (28) alGetFloatv1 (29) alGetListener3f1 (30) alGetListener3i1 (31) alGetListenerf1 (32) alGetListeneri1 (33) alGetListeneriv1 (34) alGetProcAddress1 (35) alGetProcAddressStatic (36) alGetSource3f1 (37) alGetSource3i1 (38) alGetSourcef! 1 (39) alGetSourcefv1 (40) alGetSourcei1 (41) alGetSourceiv1 (42) alGetString1java/lang/String (43) alIsAuxiliaryEffectSlot1 (44) alIsBuffer1 (45) alIsEffect1 (46) alIsExtensionPresent1 (47) alIsFilter1 (48) alListener3f1 (49) alListener3i1 (50) alListenerf1 (51) alListenerfv1 (52) alListeneri1 (53) alListeneriv1 (54) alSource3f1 (55) alSource3i1 (56) alSourcef1 (57) alSourcefv1 (58) alSourcei1 (59) alSourceiv1 (60) alSourcePause1 (61) alSourcePausev1 (62) alSourcePlay1 (63) alSourcePlayv1 (64) alSourceQueueBuffers1 (65) alSourceRewindv1 (66) alSourceStop1 (67) alSourceStopv1 (68) alSourceUnqueueBuffers1 (69) alSpeedOfSound1 |
| Solution | ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date | June 27, 2013, midnight |
| Registration Date | June 16, 2014, 6:12 p.m. |
| Last Update | June 16, 2014, 6:12 p.m. |
| CVSS2.0 : 危険 | |
| Score | 10 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| JogAmp.org |
| JOAL 2.0-rc11 |
| JogAmp |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2014年06月16日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1) alAuxiliaryEffectSlotf1, (2) alBuffer3f1, (3) alBufferfv1, (4) alDeleteEffects1, (5) alEffectf1, (6) alEffectfv1, (7) alEffectiv1, (8) alEnable1, (9) alFilterfv1, (10) alFilteriv1, (11) alGenAuxiliaryEffectSlots1, (12) alGenEffects1, (13) alGenFilters1, (14) alGenSources1, (15) alGetAuxiliaryEffectSlotiv1, (16) alGetBuffer3f1, (17) alGetBuffer3i1, (18) alGetBufferf1, (19) alGetBufferiv1, (20) alGetDoublev1, (21) alGetEffectf1, (22) alGetEffectfv1, (23) alGetEffectiv1, (24) alGetEnumValue1, (25) alGetFilteri1, (26) alGetFilteriv1, (27) alGetFloat1, (28) alGetFloatv1, (29) alGetListener3f1, (30) alGetListener3i1, (31) alGetListenerf1, (32) alGetListeneri1, (33) alGetListeneriv1, (34) alGetProcAddress1, (35) alGetProcAddressStatic, (36) alGetSource3f1, (37) alGetSource3i1, (38) alGetSourcef1, (39) alGetSourcefv1, (40) alGetSourcei1, (41) alGetSourceiv1, (42) alGetString1java/lang/String;, (43) alIsAuxiliaryEffectSlot1, (44) alIsBuffer1, (45) alIsEffect1, (46) alIsExtensionPresent1, (47) alIsFilter1, (48) alListener3f1, (49) alListener3i1, (50) alListenerf1, (51) alListenerfv1, (52) alListeneri1, (53) alListeneriv1, (54) alSource3f1, (55) alSource3i1, (56) alSourcef1, (57) alSourcefv1, (58) alSourcei1, (59) alSourceiv1, (60) alSourcePause1, (61) alSourcePausev1, (62) alSourcePlay1, (63) alSourcePlayv1, (64) alSourceQueueBuffers1, (65) alSourceRewindv1, (66) alSourceStop1, (67) alSourceStopv1, (68) alSourceUnqueueBuffers1, or (69) alSpeedOfSound1 method in jogamp.openal.ALImpl.dispatch. |
|---|---|
| Publication Date | June 13, 2014, 11:55 p.m. |
| Registration Date | Jan. 26, 2021, 3:42 p.m. |
| Last Update | Nov. 21, 2024, 10:54 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:jogamp:jogamp:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:jogamp:joal:2.0:rc11:*:*:*:*:*:* | |||||