GHSA-9FV2-C7V6-P45W Fonoster is vulnerable to directory traversal

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...

CVE-2024-43035

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...

PT-2025-52858

Name of the Vulnerable Software and Affected Versions FluidSynth versions 2.5.0 through 2.5.1 Description FluidSynth, a software synthesizer based on the SoundFont 2 specifications, contains a flaw. A race condition during the unloading of a DLS file can lead to a heap-based use-after-free. This...

fluidsynth 资源管理错误漏洞

fluidsynth is a fluidsynth open source application. It is used to generate audio by reading and processing MIDI events from MIDI input devices using SoundFont. A resource management error vulnerability exists in fluidsynth versions prior to 2.5.2, which stems from a contention condition when...