The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service via a crafted file.