Note:
This project will be discontinued after December 13, 2021. [more]
2017-08-17
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
Products | Wildmidi |
Type | Out-of-bounds Read (CWE-125) |
First patch |
https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd |
Patches | https://github.com/Mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1 |
Relevant file/s |
• ./include/internal_midi.h (modified, +1, -1)
• ./src/f_hmi.c (modified, +34, -6) • ./src/f_hmp.c (modified, +13, -2) • ./src/f_midi.c (modified, +37, -18) • ./src/f_mus.c (modified, +3, -2)
• ./src/f_xmidi.c (modified, +1, -1)
• ./src/internal_midi.c (modified, +73, -10) |
Links |
• https://www.exploit-db.com/exploits/42433/
• http://seclists.org/fulldisclosure/2017/Aug/12 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: