Control: retitle 883691 game-music-emu: CVE-2017-17446: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail
Hello Sebastian, > I've forwarded this upstream now, thanks for reporting! > > See: > https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size > > The crash can also be reproduced by running "ffplay" on the file. Thank you. MITRE has assigned CVE-2017-17446 for this issue. I do not think we need a DSA for this issue, but could be fixed via a point release. Regards, Salvatore