Mupen64Plus Integer Overflow Vulnerability in is_viewer Function Allows Remote Code Execution
Vulnerability
An integer overflow vulnerability has been identified in Mupen64Plus versions through 2.6.0, specifically within the write_is_viewer function of the file src/device/cart/is_viewer.c. This vulnerability can be exploited remotely by injecting malicious code into a game's ROM, which could then be executed on the host machine, escaping the emulator's sandbox. The exploitation process is considered complex and difficult.
Impact
The integer overflow can cause a buffer overflow, which allows arbitrary code execution on the host machine.
Reproduction
The vulnerability can be reproduced by loading a crafted ROM that exploits the integer overflow in the write_is_viewer function. This can be done using the Mupen64Plus emulator with the AddressSanitizer enabled, which will reveal the memory overlap caused by the overflow during the emulation process.
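The arithmetic pattern behind this class of bug, as an added example that is not code from Mupen64Plus or from is_viewer.c: a hypothetical debug-buffer append whose naive bounds test (pos + len <= capacity) wraps in 32-bit arithmetic, placed beside the overflow-safe form (len <= capacity - pos). The struct, the capacity constant and all function names are assumptions for illustration only, not the project's identifiers.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical capacity; not a constant from is_viewer.c. */
#define DEBUG_BUF_CAP 1024u

/* Hypothetical debug output buffer, modelled loosely on an IS-Viewer style
 * text sink: a fixed array plus a write position. */
struct debug_buf {
    uint8_t  data[DEBUG_BUF_CAP];
    uint32_t pos;   /* bytes already queued; invariant: pos <= DEBUG_BUF_CAP */
};

/* Naive bounds test. pos + len is computed in uint32_t, so a len close to
 * UINT32_MAX wraps the sum to a small value and the test wrongly passes.
 * Only the decision is returned; no copy is performed here. */
bool naive_check_accepts(uint32_t pos, uint32_t len)
{
    return pos + len <= DEBUG_BUF_CAP;
}

/* Overflow-safe test: compare len against the remaining room instead of
 * adding. Because pos <= DEBUG_BUF_CAP is checked first, the subtraction
 * cannot underflow and there is no intermediate sum that could wrap. */
bool safe_check_accepts(uint32_t pos, uint32_t len)
{
    if (pos > DEBUG_BUF_CAP)
        return false;
    return len <= DEBUG_BUF_CAP - pos;
}

/* Hardened append: copies only after the safe check. Returns the number of
 * bytes appended, 0 when the write was rejected. */
uint32_t debug_buf_append(struct debug_buf *b, const uint8_t *src, uint32_t len)
{
    if (!safe_check_accepts(b->pos, len))
        return 0;
    memcpy(b->data + b->pos, src, len);
    b->pos += len;
    return len;
}

/* Round trip used by the self-check: append two constructed chunks, then
 * attempt a wrapping length, and return the resulting write position (11). */
uint32_t append_round_trip(void)
{
    struct debug_buf b;
    memset(&b, 0, sizeof b);
    static const uint8_t hello[] = "hello";   /* constructed sample, 5 bytes */
    static const uint8_t world[] = " world";  /* constructed sample, 6 bytes */
    debug_buf_append(&b, hello, 5);
    debug_buf_append(&b, world, 6);
    /* A length that wraps the naive sum must be refused by the safe path. */
    debug_buf_append(&b, hello, 0xFFFFFFF0u);
    return b.pos;
}

int main(void)
{
    uint32_t pos = 16, huge = 0xFFFFFFF0u;  /* 16 + 0xFFFFFFF0 wraps to 0 */
    printf("naive check accepts huge length: %s\n",
           naive_check_accepts(pos, huge) ? "yes (bug)" : "no");
    printf("safe  check accepts huge length: %s\n",
           safe_check_accepts(pos, huge) ? "yes" : "no (correct)");
    printf("round trip position: %u\n", append_round_trip());
    return 0;
}
```

Building with -fsanitize=address, as the reproduction step above does for the emulator, is the practical way to confirm a fix of this kind: the hardened append never reaches memcpy with an out-of-range length, so AddressSanitizer stays silent, whereas a copy guarded only by the naive test is exactly what it would flag.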