Timidity++ Project : Security Vulnerabilities, CVEs,

CVE-2017-11549

The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.
Max CVSS
7.1
EPSS Score
0.17%
Published
2017-07-31
Updated
2019-10-03

CVE-2017-11547

The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.
Max CVSS
5.5
EPSS Score
0.17%
Published
2017-07-31
Updated
2017-08-03

CVE-2017-11546

The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.
Max CVSS
5.5
EPSS Score
0.17%
Published
2017-07-31
Updated
2017-08-03
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close