The MemFileReader::readavail function in DataReader.cpp in the GameMusicEmu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
{ "binaries": [ { "binary_version": "0.5.5-2ubuntu0.14.04.1+esm1", "binary_name": "libgme-dev" }, { "binary_version": "0.5.5-2ubuntu0.14.04.1+esm1", "binary_name": "libgme0" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "0.6.0-3ubuntu0.16.04.1+esm1", "binary_name": "libgme-dev" }, { "binary_version": "0.6.0-3ubuntu0.16.04.1+esm1", "binary_name": "libgme0" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }