Candidate: CVE-2017-11661
PublicDate: 2017-08-17 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11661
 http://seclists.org/fulldisclosure/2017/Aug/12
 https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
Description:
 The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2
 can cause a denial of service (invalid memory read and application crash)
 via a crafted mid file.
Ubuntu-Description:
 It was discovered that WildMIDI incorrectly handled certain MID files. A
 remote attacker could possibly use this issue to cause a denial of service.
Notes:
 ebarretto> Looking at the patches and the version on Trusty, it seems like
 ebarretto> some of the patches are not appliable and others are tricky to
 ebarretto> backport. So considering really low for Trusty.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871616
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_wildmidi:
 upstream: https://github.com/Mindwerks/wildmidi/commit/a8134de7f721cc3dc8017ad92c6b211a7d5689d9
 upstream: https://github.com/Mindwerks/wildmidi/commit/08217027f8e6f5df0cf106b84f0e3243fbc20554
 upstream: https://github.com/Mindwerks/wildmidi/commit/08438a3eb08057260b2a660d10ab7d1e92e2986c
 upstream: https://github.com/Mindwerks/wildmidi/commit/733bc79dbb550c357676b66e7dec1961a802ac6e
upstream_wildmidi: released (0.4.2-1)
precise/esm_wildmidi: DNE
trusty_wildmidi: ignored (out of standard support)
trusty/esm_wildmidi: needed
vivid/ubuntu-core_wildmidi: DNE
xenial_wildmidi: ignored (end of standard support, was needed)
zesty_wildmidi: ignored (reached end-of-life)
artful_wildmidi: ignored (reached end-of-life)
bionic_wildmidi: not-affected (0.4.2-1)
cosmic_wildmidi: not-affected (0.4.2-1)
disco_wildmidi: not-affected (0.4.2-1)
eoan_wildmidi: not-affected (0.4.2-1)
focal_wildmidi: not-affected (0.4.2-1)
groovy_wildmidi: not-affected (0.4.2-1)
hirsute_wildmidi: not-affected (0.4.2-1)
impish_wildmidi: not-affected (0.4.2-1)
jammy_wildmidi: not-affected (0.4.2-1)
devel_wildmidi: not-affected (0.4.2-1)