[USN-7913-1] MAME vulnerabilities

[noreply+usn-bot]

==========================================================================
Ubuntu Security Notice USN-7913-1
December 04, 2025

mame vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in MAME.

Software Description:
- mame: MAME is a multi-purpose emulation framework

Details:

It was discovered that the stb library, included in MAME, had a  heap-based
buffer overflow. An attacker could possibly use this issue  to crash the
program or execute arbitrary code. (CVE-2018-16981)

It was discovered that the tinyexr library, included in MAME, had a heap-
based buffer over-read  in the function DecodePixelData. An  attacker could
possibly use this issue to expose sensitive information or crash the
program. (CVE-2022-34300)

It was discovered that the expat library, included in MAME, had an
integer-overflow in the function doProlog. An attacker could possibly use
this issue to crash the program or execute arbitrary code.
(CVE-2021-46143)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  mame                            0.277+dfsg.1-4ubuntu0.1
  mame-data                       0.277+dfsg.1-4ubuntu0.1
  mame-tools                      0.277+dfsg.1-4ubuntu0.1

Ubuntu 25.04
  mame                            0.275+dfsg.1-3ubuntu0.1
  mame-data                       0.275+dfsg.1-3ubuntu0.1
  mame-tools                      0.275+dfsg.1-3ubuntu0.1

Ubuntu 24.04 LTS
  mame                            0.264+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-data                       0.264+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-tools                      0.264+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  mame                            0.242+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-data                       0.242+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-tools                      0.242+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  mame                            0.220+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-data                       0.220+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-tools                      0.220+dfsg.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  mame                            0.195+dfsg.1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-data                       0.195+dfsg.1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  mame-tools                      0.195+dfsg.1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7913-1
  CVE-2018-16981, CVE-2021-46143, CVE-2022-34300

Package Information:
  https://launchpad.net/ubuntu/+source/mame/0.277+dfsg.1-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/mame/0.275+dfsg.1-3ubuntu0.1

signature.asc
Description: OpenPGP digital signature