CVE-2017-11661
Published: 17 August 2017
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
From the Ubuntu Security Team
It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service.
Notes
Author | Note |
---|---|
ebarretto | Looking at the patches and the version on Trusty, it seems like some of the patches are not appliable and others are tricky to backport. So considering really low for Trusty. |
Priority
Status
Package | Release | Status |
---|---|---|
wildmidi Launchpad, Ubuntu, Debian | artful | Ignored (end of life) |
wildmidi | bionic | Not vulnerable (0.4.2-1) |
wildmidi | cosmic | Not vulnerable (0.4.2-1) |
wildmidi | disco | Not vulnerable (0.4.2-1) |
wildmidi | eoan | Not vulnerable (0.4.2-1) |
wildmidi | focal | Not vulnerable (0.4.2-1) |
wildmidi | groovy | Not vulnerable (0.4.2-1) |
wildmidi | hirsute | Not vulnerable (0.4.2-1) |
wildmidi | impish | Not vulnerable (0.4.2-1) |
wildmidi | jammy | Not vulnerable (0.4.2-1) |
wildmidi | kinetic | Not vulnerable (0.4.2-1) |
wildmidi | lunar | Not vulnerable (0.4.2-1) |
wildmidi | mantic | Not vulnerable (0.4.2-1) |
wildmidi | trusty | Needed |
wildmidi | upstream | Released (0.4.2-1) |
wildmidi | xenial | Released (0.3.8-2ubuntu0.1~esm1), available with Ubuntu Pro |
wildmidi | zesty | Ignored (end of life) |

Patches:
upstream: https://github.com/Mindwerks/wildmidi/commit/a8134de7f721cc3dc8017ad92c6b211a7d5689d9
upstream: https://github.com/Mindwerks/wildmidi/commit/08217027f8e6f5df0cf106b84f0e3243fbc20554
upstream: https://github.com/Mindwerks/wildmidi/commit/08438a3eb08057260b2a660d10ab7d1e92e2986c
upstream: https://github.com/Mindwerks/wildmidi/commit/733bc79dbb550c357676b66e7dec1961a802ac6e
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |