CVE-2017-11664 - Vulncode-DB

CVE-2017-11664 (NVD)

2017-08-17

The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.

Products	Wildmidi
Type	Out-of-bounds Read (CWE-125)
First patch	https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
Patches	https://github.com/Mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1
Relevant file/s	• ./include/internal_midi.h (modified, +1, -1) • ./src/f_hmi.c (modified, +34, -6) • ./src/f_hmp.c (modified, +13, -2) • ./src/f_midi.c (modified, +37, -18) • ./src/f_mus.c (modified, +3, -2) More/Less (2) • ./src/f_xmidi.c (modified, +1, -1) • ./src/internal_midi.c (modified, +73, -10)
Links	• https://www.exploit-db.com/exploits/42433/ • http://seclists.org/fulldisclosure/2017/Aug/12

wildmidi - Tree: 660b513d99

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: