7 matches found
Updated TiMidity++ packages fix security vulnerabilities
The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option CVE-2017-11546. The resamplegauss function in...
openSUSE Security Update : timidity (openSUSE-2018-208)
This update for timidity fixes the following issues : Security issues fixed : - CVE-2017-11546: Fix division-by-zero with malformed MIDI file boo1081694 - CVE-2017-11547: Fix out-of-bound accesses in the resamplers boo1081694 Other issues fixed : - Drop tcl/tk dependency; it's already broken with...
CVE-2017-11547
The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...
CVE-2017-11547
The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...
CVE-2017-11547
CVE-2017-11547 affects TiMidity++ 2.14.0, where the resample_gauss function in resample.c can cause a heap-based buffer over-read via a crafted MIDI file, leading to denial of service (potential crash). The initial description notes a possible crash with --background; exploitation details/patch s...
CVE-2017-11547
The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...
CVE-2017-11547
The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...