Description
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.
Published: 2026-03-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local code execution via stack buffer overflow
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the handling of the gamma parameter within the Multi Emulator Super System. An attacker who can supply an oversized gamma value locally can trigger a stack buffer overflow, which can lead to either a denial of service by crashing the application or to arbitrary code execution if the attacker supplies a crafted return address. The weakness corresponds to CWE-787, reflecting an improper handling of untrusted input that exceeds buffer bounds.

Affected Systems

The affected product is the Multi Emulator Super System, version 0.154-3.1, distributed by mamedev:Mess Emulator. No other versions or vendors are listed in the available data.

Risk and Exploitability

This flaw is rated high on the CVSS scale with a score of 8.6, indicating a significant impact for local attackers. The EPSS score is not provided, and the vulnerability is not included in CISA’s KEV catalog. Since the flaw requires local privileged input to trigger the overflow, the attack vector is local. No remote exploitation is documented, but the use of an oversized gamma parameter directly could allow an attacker to crash the process or gain code execution on the host system.

Generated by OpenCVE AI on March 28, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor patch or update that fixes the gamma parameter handling. If no patch is available, avoid running the vulnerable emulator with untrusted input that may supply oversized gamma values. Monitor system logs for abnormal crashes or stack trace anomalies that may indicate exploitation attempts.

Generated by OpenCVE AI on March 28, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 28 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Description Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.
Title Multi Emulator Super System 0.154-3.1 Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-28T11:58:01.411Z

Reserved: 2026-03-28T11:32:06.624Z

Link: CVE-2016-20039

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-28T12:15:59.473

Modified: 2026-03-28T12:15:59.473

Link: CVE-2016-20039

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:32:31Z

Weaknesses