Vulnerabilities > CVE-2017-17446 - Incorrect Conversion between Numeric Types vulnerability in Game-Music-Emu Project Game-Music-Emu 0.6.1

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Vulnerable Configurations

Part Description Count
Application
Game-Music-Emu_Project
1