CVE-2017-17446

CWE-6819 documents7 sources
Severity
6.5MEDIUM
EPSS
0.7%
top 29.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Game-music-emu Project Game-music-emu
Timeline
PublishedDec 6
Latest updateMay 13

Description

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

ā–¶Debiangame-music-emu< 0.6.2-1+3

šŸ”“Vulnerability Details

3
GHSA
GHSA-pwfg-g35m-wrcw: The Mem_File_Reader::read_avail function in Data_Readerā†—2022-05-13
ā–¶
CVEList
CVE-2017-17446: The Mem_File_Reader::read_avail function in Data_Readerā†—2017-12-06
ā–¶
OSV
CVE-2017-17446: The Mem_File_Reader::read_avail function in Data_Readerā†—2017-12-06
ā–¶

šŸ“‹Vendor Advisories

2
Ubuntu
game-music-emu vulnerabilityā†—2021-03-15
ā–¶
Debian
CVE-2017-17446: game-music-emu - The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Em...ā†—2017
ā–¶

šŸ’¬Community

3
Bugzilla
CVE-2017-17446 game-music-emu: The Mem_File_Reader::read_avail function does not ensure a non-negative size [fedora-all]ā†—2017-12-11
ā–¶
Bugzilla
CVE-2017-17446 game-music-emu: The Mem_File_Reader::read_avail function does not ensure a non-negative sizeā†—2017-12-11
ā–¶
Bugzilla
CVE-2017-17446 game-music-emu: The Mem_File_Reader::read_avail function does not ensure a non-negative size [epel-all]ā†—2017-12-11
ā–¶
CVE-2017-17446 (MEDIUM CVSS 6.5) | The Mem_File_Reader::read_avail fun | cvebase.io