CVE-2017-17446

Published: Dec 6, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Affected (1)

Products: Game Music Emu Project: Game Music Emu

Game Music Emu Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Game Music Emu Project Game Music Emu	Version 0.6.1

Related CWEs

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References (4)

https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size

Source: cve@mitre.org

Third Party Advisory

https://bugs.debian.org/883691

Source: cve@mitre.org

Issue Tracking

https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.debian.org/883691

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.