CVE-2017-17446 — MEDIUM (6.5)

Vulnerability Description

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Game-Music-Emu Project	Game-Music-Emu	0.6.1

Related Weaknesses (CWE)

CWE-681

References

https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-sThird Party Advisory
https://bugs.debian.org/883691Issue Tracking
https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-sThird Party Advisory
https://bugs.debian.org/883691Issue Tracking

FAQ

What is CVE-2017-17446?

CVE-2017-17446 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denia...

How severe is CVE-2017-17446?

CVE-2017-17446 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17446?

Check the references section above for vendor advisories and patch information. Affected products include: Game-Music-Emu Project Game-Music-Emu.