PT-2014-2738 · Jogamp+1 · Joal+2

Published: 2014-06-13 · Updated: 2014-06-18 · CVE-2013-4099

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

JOGAMP version 2.0-rc11

Description

The issue concerns multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP. These vulnerabilities allow context-dependent attackers to execute arbitrary code via a crafted parameter to various methods in the jogamp.openal.ALImpl.dispatch class. The affected methods include alAuxiliaryEffectSlotf, alBuffer3f, alBufferfv, alDeleteEffects, alEffectf, alEffectfv, alEffectiv, alEnable, alFilterfv, alFilteriv, alGenAuxiliaryEffectSlots, alGenEffects, alGenFilters, alGenSources, alGetAuxiliaryEffectSlotiv, alGetBuffer3f, alGetBuffer3i, alGetBufferf, alGetBufferiv, alGetDoublev, alGetEffectf, alGetEffectfv, alGetEffectiv, alGetEnumValue, alGetFilteri, alGetFilteriv, alGetFloat, alGetFloatv, alGetListener3f, alGetListener3i, alGetListenerf, alGetListeneri, alGetListeneriv, alGetProcAddress, alGetProcAddressStatic, alGetSource3f, alGetSource3i, alGetSourcef, alGetSourcefv, alGetSourcei, alGetSourceiv, alGetString, alIsAuxiliaryEffectSlot, alIsBuffer, alIsEffect, alIsExtensionPresent, alIsFilter, alListener3f, alListener3i, alListenerf, alListenerfv, alListeneri, alListeneriv, alSource3f, alSource3i, alSourcef, alSourcefv, alSourcei, alSourceiv, alSourcePause, alSourcePausev, alSourcePlay, alSourcePlayv, alSourceQueueBuffers, alSourceRewindv, alSourceStop, alSourceStopv, alSourceUnqueueBuffers, or alSpeedOfSound.

Recommendations

As a temporary workaround, consider disabling the affected methods in the jogamp.openal.ALImpl.dispatch class until a patch is available. Restrict access to the vulnerable OpenAL32.dll module to minimize the risk of exploitation. Avoid using crafted parameters to the affected methods in the vulnerable version of JOGAMP. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2013-4099

Affected Products

Joal
Jogamp
Openal32.Dll