The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
References
| Link | Resource |
|---|---|
| https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size | Third Party Advisory |
| https://bugs.debian.org/883691 | Issue Tracking |
| https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size | Third Party Advisory |
| https://bugs.debian.org/883691 | Issue Tracking |
Configurations
History
21 Nov 2024, 03:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size - Third Party Advisory | |
| References | () https://bugs.debian.org/883691 - Issue Tracking |
Information
Published : 2017-12-06 19:29
Updated : 2024-11-21 03:17
NVD link : CVE-2017-17446
Mitre link : CVE-2017-17446
CVE.ORG link : CVE-2017-17446
JSON object : View
Products Affected
game-music-emu_project
- game-music-emu
CWE
CWE-681
Incorrect Conversion between Numeric Types