openSUSE Security Update : timidity (openSUSE-2018-208)

This update for timidity fixes the following issues : Security issues fixed : - CVE-2017-11546: Fix division-by-zero with malformed MIDI file boo1081694 - CVE-2017-11547: Fix out-of-bound accesses in the resamplers boo1081694 Other issues fixed : - Drop tcl/tk dependency; it's already broken with...

TiMidity++ 'insert_note_steps' Function Denial of Service Vulnerability

TiMidity++ is an open source audio file converter and player that can convert MIDI files to other formats. A security vulnerability exists in the 'insertnotesteps' function of the readmidi.c file in TiMidity++ version 2.14.0. A remote attacker can exploit this vulnerability to cause a denial of...

TiMidity++ 'play_midi' function denial of service vulnerability

TiMidity++ is an open source audio file converter and player that can convert MIDI files to other formats. A security vulnerability exists in the 'playmidi' function of the playmidi.c file in TiMidity++ version 2.14.0. A remote attacker can cause a denial of service CPU consumption by exploiting...

TiMidity++ 'resample_gauss' Function Denial of Service Vulnerability

TiMidity++ is an open source audio file converter and player that can convert MIDI files to other formats. A security vulnerability exists in the 'resamplegauss' function of the resample.c file in TiMidity++ version 2.14.0. A remote attacker can exploit this vulnerability to cause a denial of...

DEBIAN-CVE-2017-11546

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option...

CVE-2017-11546

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option...

CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

DEBIAN-CVE-2017-11549

The playmidi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option...

DEBIAN-CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

CVE-2017-11549

The playmidi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option...

CVE-2017-11549

The playmidi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option...

CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

CVE-2017-11546

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option...

UBUNTU-CVE-2017-11546

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option...

Heap overflow

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

CVE-2017-11549

The playmidi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option...

Design/Logic Flaw

The playmidi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option...

CVE-2017-11546

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option...

UBUNTU-CVE-2017-11549

The playmidi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option...

UBUNTU-CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...