CVE-2026-39199
Status: Received - Intake
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: MITRE

Description
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-18
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
NVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: snes9x; Product: snes9x; Version / Range: From 1.63 (exc)
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

CVE-2026-39199 is an out-of-bounds write vulnerability in the SNES9x emulator version 1.63. It occurs when the emulator processes a specially crafted .ups patch file. The patching logic in the memmap.cpp file fails to validate a relative offset during the XOR loop that applies the patch, allowing the offset to exceed the allocated buffer size of the ROM memory.

This flaw enables a heap-based out-of-bounds write, which can corrupt adjacent memory. The vulnerability is triggered automatically when a malicious .ups file is placed alongside a ROM file, as the emulator loads UPS patches without user interaction.

Impact Analysis

The primary impact of this vulnerability is a denial of service, causing the SNES9x emulator to crash when loading a ROM with a malicious .ups patch file.

Additionally, under certain conditions where operating system protections like ASLR and DEP are disabled, an attacker could exploit this vulnerability to achieve arbitrary code execution within the emulator process.

Detection Guidance

This vulnerability is triggered by loading a maliciously crafted .ups patch file alongside a ROM in the snes9x emulator version 1.63. Detection involves identifying the presence of suspicious or crafted .ups files that could exploit the out-of-bounds write during patch application.

Since the vulnerability is related to file contents and patch application within the emulator, network detection is not applicable. Instead, detection should focus on scanning the file system for suspicious .ups files.

  • Use file integrity monitoring or hash checksums to detect unexpected or modified .ups files in directories where ROMs are stored.
  • Manually inspect or use scripts to verify the structure of .ups files, checking for abnormal offset values or sizes that exceed expected limits.
  • The referenced resources give no specific commands; a general approach is to inspect .ups files with 'hexdump' or 'xxd' and look for unusually large offset values in the patch data.
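The structural check the list above describes, as an added example that is not part of this record or of snes9x: a Python walker that parses a UPS1 file without applying it and reports each hunk whose XOR run would write beyond a chosen maximum ROM size. It assumes the public UPS1 layout ("UPS1" magic, two varints for input and output size, hunks of a varint relative skip plus an XOR run terminated by 0x00, then three little-endian CRC32s); the 4 KiB limit and the sample patch bytes are constructed for the demo.

```python
import struct
import zlib

def decode_varint(data, pos):
    """Decode one UPS1 varint at data[pos]: 7 bits per byte, high bit set on the last byte."""
    value, shift = 0, 1
    while pos < len(data):
        x = data[pos]
        pos += 1
        value += (x & 0x7F) * shift
        if x & 0x80:
            return value, pos
        shift <<= 7
        value += shift                            # each continuation adds the next power of 128
    raise ValueError("truncated varint")

def check_ups(patch, max_rom_size):
    """Return [(hunk, start, end)] for hunks whose XOR run would write past
    min(declared output size, max_rom_size); the patch is parsed, never applied."""
    if patch[:4] != b"UPS1" or len(patch) < 16:
        raise ValueError("not a UPS1 patch")
    if zlib.crc32(patch[:-4]) != struct.unpack("<I", patch[-4:])[0]:
        raise ValueError("patch CRC mismatch")    # crafted files can still carry a valid CRC
    body, pos = patch[:-12], 4                    # trailer: input, output and patch CRC32s
    _in_size, pos = decode_varint(body, pos)
    out_size, pos = decode_varint(body, pos)
    limit, relative, hunk, findings = min(out_size, max_rom_size), 0, 0, []
    while pos < len(body):
        skip, pos = decode_varint(body, pos)
        relative += skip                          # offsets accumulate across hunks
        start = relative
        while True:                               # the run ends with, and writes, a 0x00
            if pos >= len(body):
                raise ValueError("truncated hunk")
            x, pos, relative = body[pos], pos + 1, relative + 1
            if x == 0:
                break
        if relative > limit:                      # the bound snes9x 1.63 does not enforce
            findings.append((hunk, start, relative))
        hunk += 1
    return findings

# Constructed sample for a 4 KiB target: varint 4096 = 00 9F, 16 = 90, 8192 = 00 BF.
# Hunk 0 skips 16 bytes and XORs 01 02; hunk 1 then skips 8192 bytes, past the end.
_BODY = (b"UPS1\x00\x9f\x00\x9f" + b"\x90\x01\x02\x00" + b"\x00\xbf\xff\x00"
         + struct.pack("<II", 0, 0))             # input/output CRCs left as placeholders
SAMPLE = _BODY + struct.pack("<I", zlib.crc32(_BODY))

if __name__ == "__main__":
    print(check_ups(SAMPLE, max_rom_size=4096))  # [(1, 8211, 8213)]
```

To scan real files, pass the bytes of each .ups file and the size of the emulator's ROM buffer as max_rom_size; any non-empty result marks a patch that would write outside that buffer.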
Mitigation Strategies

The primary mitigation is to update the snes9x emulator to a version that includes the patch fixing this vulnerability.

The fix involves adding bounds checking in the patch application code to ensure that the relative offset does not exceed the maximum allowed ROM size, preventing out-of-bounds writes.

  • Do not load or place untrusted or unknown .ups patch files alongside ROMs in the emulator.
  • Apply the official patch or update from the snes9x repository that modifies the ReadUPSPatch function to validate offsets before writing.
  • If updating immediately is not possible, avoid using UPS patch files or disable automatic patch loading if the emulator settings allow.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
