OESA-2026-1065
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1065
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-1065.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-1065
- Upstream
- Published
- 2026-01-16T11:57:27Z
- Modified
- 2026-01-16T12:30:18.264329Z
- Summary
- fluidsynth security update
- Details
-
FluidSynth is a free software synthesizer. Its currently based on the SoundFont 2 specifications and supports real time MIDI effect controls. It can be used as a shared library for embedding in other applications, can play MIDI files and has a command line shell. Many other applications use FluidSynth for audio synthesis.
Security Fix(es):
fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluidsynthmonopoly.c, that can be triggered when loading an invalid midi file.(CVE-2025-56225)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS-SP3 / fluidsynth
Package
- Name
- fluidsynth
- Purl
- pkg:rpm/openEuler/fluidsynth&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.4-2.oe2403sp3
Ecosystem specific
{
"aarch64": [
"fluidsynth-2.3.4-2.oe2403sp3.aarch64.rpm",
"fluidsynth-debuginfo-2.3.4-2.oe2403sp3.aarch64.rpm",
"fluidsynth-debugsource-2.3.4-2.oe2403sp3.aarch64.rpm",
"fluidsynth-devel-2.3.4-2.oe2403sp3.aarch64.rpm",
"fluidsynth-help-2.3.4-2.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"fluidsynth-2.3.4-2.oe2403sp3.x86_64.rpm",
"fluidsynth-debuginfo-2.3.4-2.oe2403sp3.x86_64.rpm",
"fluidsynth-debugsource-2.3.4-2.oe2403sp3.x86_64.rpm",
"fluidsynth-devel-2.3.4-2.oe2403sp3.x86_64.rpm",
"fluidsynth-help-2.3.4-2.oe2403sp3.x86_64.rpm"
],
"src": [
"fluidsynth-2.3.4-2.oe2403sp3.src.rpm"
]
}