VDB

GCVE-110-MAGEIA-2018-152

GCVE-110-MAGEIA-2018-152
Advisory Published
Vulnetix · Advisory published February 28, 2018
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option (CVE-2017-11546). The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation (CVE-2017-11547).

Affected Products

VendorProductVersionsPlatforms
Mageiawesnoth0 (affected), 1.14.5-1.mga6 (unaffected)
MageiaTiMidity++0 (affected), * (unaffected), 0 (affected), ++-2.14.0-6.1.mga5 (unaffected)
MageiaTiMidity++0 (affected), ++-2.14.0-9.1.mga6 (unaffected), * (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›