MGASA-2018-0152

Source
https://advisories.mageia.org/MGASA-2018-0152.html
Import Source
https://advisories.mageia.org/MGASA-2018-0152.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0152
Published
2018-02-28T13:55:21Z
Modified
2018-02-28T13:16:10Z
Summary
Updated TiMidity++ packages fix security vulnerabilities
Details

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option (CVE-2017-11546).

The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation (CVE-2017-11547).


Affected packages

Mageia:5 / TiMidity++

Package

Name
TiMidity++
Purl
pkg:rpm/mageia/TiMidity++?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
++-2.14.0-6.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / TiMidity++

Package

Name
TiMidity++
Purl
pkg:rpm/mageia/TiMidity++?arch=source&distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
++-2.14.0-9.1.mga6

Ecosystem specific

{
    "section": "core"
}