ALT-PU-2021-1496-1
Package fluidsynth updated to version 2.1.8-alt1 for branch sisyphus in task 267923.
Closed vulnerabilities
Published: 2021-04-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-21417
fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://github.com/FluidSynth/fluidsynth/issues/808
- https://github.com/FluidSynth/fluidsynth/issues/808
- https://github.com/FluidSynth/fluidsynth/pull/810
- https://github.com/FluidSynth/fluidsynth/pull/810
- https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
- https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
- [debian-lts-announce] 20210629 [SECURITY] [DLA 2697-1] fluidsynth security update
- [debian-lts-announce] 20210629 [SECURITY] [DLA 2697-1] fluidsynth security update