CVE-2021-21417

Use after free in fluidsynth

CVSS 7.2 HIGHEPSS 0.9%CWE-416

fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Affected products

FluidSynth · fluidsynth

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/FluidSynth/fluidsynth/issues/808 https://github.com/FluidSynth/fluidsynth/pull/810 https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9 https://lists.debian.org/debian-lts-announce/2021/06/msg00027.html