CVE-2017-17446

Published: 06 December 2017

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

From the Ubuntu security team

It was discovered that game-music-emu mishandled certain crafted input. A local attacker could use this vulnerability to cause game-music-emu to crash.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
game-music-emu
Launchpad, Ubuntu, Debian
Upstream
Released (0.6.2-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(0.6.2-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.6.2-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.6.2-1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed