Updated wildmidi packages fix security vulnerabilities
Publication date: 04 Jan 2018
Modification date: 04 Jan 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-11661, CVE-2017-11662, CVE-2017-11663, CVE-2017-11664
Description
- The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI before 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file (CVE-2017-11661).
- The _WM_ParseNewMidi function in f_midi.c in WildMIDI before 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file (CVE-2017-11662).
- The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI before 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file (CVE-2017-11663).
- The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI before 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file (CVE-2017-11664).
References
- https://bugs.mageia.org/show_bug.cgi?id=22200
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XGAZHDTXXL3RFRCNGE4XLOHD4MASNLBB/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11661
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11662
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11663
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11664
SRPMS
6/core
- wildmidi-0.4.2-1.mga6