Bug#927152: teeworlds: CVE-2019-10877 CVE-2019-10878 CVE-2019-10879

Jordy Ruiz jordy.ruiz at univ-lille.fr
Mon Apr 22 20:42:14 BST 2019


On Mon, 15 Apr 2019 18:07:12 +0200 Markus Koschany wrote:
 > Package: teeworlds
 > X-Debbugs-CC: team at security.debian.org
 > Severity: grave
 > Tags: security
 >
 > Hi,
 >
 > The following vulnerabilities were published for teeworlds.
 >
 > CVE-2019-10877[0]:
 > | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in
 > | engine/shared/map.cpp that can lead to a buffer overflow, because
 > | multiplication of width and height is mishandled.
 >
 >
 > CVE-2019-10878[1]:
 > | In Teeworlds 0.7.2, there is a failed bounds check in
 > | CDataFileReader::GetData() and CDataFileReader::ReplaceData() and
 > | related functions in engine/shared/datafile.cpp that can lead to an
 > | arbitrary free and out-of-bounds pointer write, possibly resulting in
 > | remote code execution.
 >
 >
 > CVE-2019-10879[2]:
 > | In Teeworlds 0.7.2, there is an integer overflow in
 > | CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to
 > | a buffer overflow and possibly remote code execution, because size-
 > | related multiplications are mishandled.
 >
 >
 > If you fix the vulnerabilities please also make sure to include the
 > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
 >
 > For further information see:
 >
 > [0] https://security-tracker.debian.org/tracker/CVE-2019-10877
 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10877
 > [1] https://security-tracker.debian.org/tracker/CVE-2019-10878
 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10878
 > [2] https://security-tracker.debian.org/tracker/CVE-2019-10879
 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10879
 >
 > Please adjust the affected versions in the BTS as needed.
 >
 > Regards,
 >
 > Markus

 >


Hi,

Teeworlds 0.7.3 was released and includes the aforementioned patches: 
https://teeworlds.com/?page=journal&id=12806

 > fix security vulnerabilities CVE-2019-10879, CVE-2019-10879, CVE-2019-10879

Greetings,
Dune
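
As an added illustration of the "multiplication of width and height is mishandled" class of bug named in CVE-2019-10877 (not code from Teeworlds or from either message above), the following C sketch validates untrusted layer dimensions against the bytes actually present before any buffer is sized from them. All names and the 4-byte tile size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed size of one tile record; not taken from the Teeworlds sources. */
#define TILE_SIZE 4u

/* Overflow-checked a*b for size_t: returns 0 and leaves *out untouched on wrap. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/*
 * Validate width/height read from an untrusted map file against the number
 * of bytes actually available for that layer (data_len). Returns 1 and
 * stores the required byte count in *need only when width*height*TILE_SIZE
 * can be computed without wrapping and does not exceed data_len.
 */
int layer_size_ok(int32_t width, int32_t height, size_t data_len, size_t *need)
{
    size_t tiles, bytes;

    if (width <= 0 || height <= 0)          /* reject negative or empty layers */
        return 0;
    if (!mul_size((size_t)width, (size_t)height, &tiles))
        return 0;
    if (!mul_size(tiles, TILE_SIZE, &bytes))
        return 0;
    if (bytes > data_len)                   /* file is shorter than it claims */
        return 0;
    *need = bytes;
    return 1;
}

/* The unchecked 32-bit form, for comparison: the product silently wraps. */
uint32_t naive_size(int32_t width, int32_t height)
{
    return (uint32_t)width * (uint32_t)height * TILE_SIZE;
}
```

With constructed dimensions of 65536 x 65536 the unchecked 32-bit product wraps to 0, so a size check written against that product passes while later indexing runs far past the buffer; the checked form rejects the layer instead.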



