CVE-2025-56225

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-56225
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-56225.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-56225
Downstream
Published
2026-01-09T16:16:06.910Z
Modified
2026-03-15T22:51:15.476265Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluidsynthmonopoly.c, that can be triggered when loading an invalid midi file.

References

Affected packages

Git / github.com/fluidsynth/fluidsynth

Affected ranges

Type
GIT
Repo
https://github.com/fluidsynth/fluidsynth
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a7792513b032f1ff422cc928eecc6c660f236720
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.6"
        }
    ]
}

Affected versions

v1.*
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v2.*
v2.0.0
v2.0.0.beta1
v2.0.0.beta2
v2.0.0.rc1
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.1.0.rc1
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.2.0
v2.2.0.beta1
v2.2.0.rc1
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-56225.json"