Jump to:

CVE-2017-17446

Jump to:

CVE-2017-17446

Package libgme updated to version 0.6.3-alt1 for branch sisyphus in task 270309.

Published: 2017-12-06
Modified: 2024-11-21

CVE-2017-17446

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
https://bugs.debian.org/883691
https://bugs.debian.org/883691

Version: 2.1.0

Package libgme update in sisyphus on 2024-05-01

ALT-PU-2021-4851-1

Closed vulnerabilities

CVE-2017-17446