VDB
GCVE-110-MAGEIA-2018-152
GCVE-110-MAGEIA-2018-152
Advisory Published
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows
remote attackers to cause a denial of service (divide-by-zero error and
application crash) via a crafted mid file. NOTE: a crash might be
relevant when using the --background option (CVE-2017-11546).
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows
remote attackers to cause a denial of service (heap-based buffer
over-read) via a crafted mid file. NOTE: a crash might be relevant when
using the --background option. NOTE: the TiMidity++ README.alsaseq
documentation suggests a setuid-root installation (CVE-2017-11547).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | wesnoth | 0 (affected), 1.14.5-1.mga6 (unaffected) | — |
| Mageia | TiMidity++ | 0 (affected), * (unaffected), 0 (affected), ++-2.14.0-6.1.mga5 (unaffected) | — |
| Mageia | TiMidity++ | 0 (affected), ++-2.14.0-9.1.mga6 (unaffected), * (unaffected), 0 (affected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.