CVE-2021-21417
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-21417
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21417.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-21417
- Downstream
- Related
- Published
- 2021-04-29T17:15:09Z
- Modified
- 2025-10-21T05:55:58.722293Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.
- References
Affected packages
Git / github.com/fluidsynth/fluidsynth
Affected ranges
- Type
- GIT
- Repo
- https://github.com/fluidsynth/fluidsynth
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v2.*
v2.0.0
v2.0.0.beta1
v2.0.0.beta2
v2.0.0.rc1
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.1.0.rc1
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
Database specific
vanir_signatures
[
{
"source": "https://github.com/fluidsynth/fluidsynth/commit/005719628aef0bd48dc7b2f860c7e4ca16b81044",
"target": {
"file": "src/sfloader/fluid_sffile.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-21417-b2340688",
"digest": {
"threshold": 0.9,
"line_hashes": [
"48885938282331019127197626419836307014",
"110753109995881962928445110041674456256",
"121492536121844320821012634259806870192",
"244250008653137373573258873778707470889",
"110481844234258377108205728634290871755",
"106434345867872264672328437380783120138",
"75442270675680468273110843789053691131",
"95798495319292279337806353917834424064",
"333074141710635353878506192750459148821",
"47326553705705572167105152637548941869",
"16808106559652375976008750122874879042",
"172764031837794924691065524078847990979",
"220534147200632390022598891401921673442",
"13850095192963669915694205988520717420",
"236778933972772207078581007412662589462",
"318383126056721000529860358731732644709",
"85476600705861003317693399597125986122",
"288936857336585327545519535369585347744",
"121492536121844320821012634259806870192",
"244250008653137373573258873778707470889",
"336122938356400900669879383199080583791",
"322868890313760197567011974418590242518",
"42515258426239574087291571328387395543",
"329887052572185232004397664573681896528",
"333074141710635353878506192750459148821",
"160110383922649587958162413498630141605",
"285706012640618526127375349468795119952",
"275649253706964016154533079856786817649",
"101735777680155907571942409117773240958",
"11104868105589290390572019506936048960",
"236778933972772207078581007412662589462",
"318383126056721000529860358731732644709"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/fluidsynth/fluidsynth/commit/005719628aef0bd48dc7b2f860c7e4ca16b81044",
"target": {
"function": "load_pgen",
"file": "src/sfloader/fluid_sffile.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-21417-cfdb3ac4",
"digest": {
"length": 2846.0,
"function_hash": "331369067606282572002129312609689129378"
},
"signature_type": "Function"
},
{
"source": "https://github.com/fluidsynth/fluidsynth/commit/005719628aef0bd48dc7b2f860c7e4ca16b81044",
"target": {
"function": "load_igen",
"file": "src/sfloader/fluid_sffile.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-21417-e6733bbb",
"digest": {
"length": 2834.0,
"function_hash": "95500749034621577397607449282478807781"
},
"signature_type": "Function"
}
]