Vulnerabilities > CVE-2017-17446 - Incorrect Conversion between Numeric Types vulnerability in Game-Music-Emu Project Game-Music-Emu 0.6.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

game-music-emu-project

CWE-681

NVD

Published: 2017-12-06

Updated: 2019-10-03

Summary

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Game-Music-Emu_Project Game Music EMU Project Game Music EMU 0.6.1	1

Common Weakness Enumeration (CWE)

CWE-681 - Incorrect Conversion between Numeric Types

References

https://bugs.debian.org/883691
https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size