FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

TiMidity++ -- Multiple vulnerabilities

Affected packages
timidity++ < 2.15.0
timidity++-emacs < 2.15.0
timidity++-gtk < 2.15.0
timidity++-motif < 2.15.0
timidity++-slang < 2.15.0
timidity++-tcltk < 2.15.0
timidity++-xaw < 2.15.0
timidity++-xskin < 2.15.0

Details

VuXML ID d37407bd-5c5f-11ea-bb2a-8c164582fbac
Discovery 2017-07-31
Entry 2020-03-02

qflb.wu of DBAPPSecurity reports:

The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 can cause a denial of service (divide-by-zero error and application crash) via a crafted mid file.

The resample_gauss function in resample.c in TiMidity++ 2.14.0 can cause a denial of service (heap-buffer-overflow) via a crafted mid file.

The play_midi function in playmidi.c in TiMidity++ 2.14.0 can cause a denial of service (large loop and CPU consumption) via a crafted mid file.

References

CVE Name CVE-2017-11546
CVE Name CVE-2017-11547
CVE Name CVE-2017-11549
URL https://seclists.org/fulldisclosure/2017/Jul/83