ID CVE-2017-11664
Summary The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
References
Vulnerable Configurations
  • cpe:2.3:a:mindwerks:wildmidi:0.4.2
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
exploit-db via4
description WildMIDI 0.4.2 - Multiple Vulnerabilities. CVE-2017-11661, CVE-2017-11662, CVE-2017-11663, CVE-2017-11664. DoS exploit for Linux platform. Tags: Denial of Servi...
file exploits/linux/dos/42433.txt
id EDB-ID:42433
last seen 2017-08-09
modified 2017-08-08
platform linux
port
published 2017-08-08
reporter Exploit-DB
source https://www.exploit-db.com/download/42433/
title WildMIDI 0.4.2 - Multiple Vulnerabilities
type dos
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7CBD8A00B7.NASL
    description - New upstream release 0.4.2 (rhbz#1433550) - Fixes CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 (rhbz#1479315) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 105130
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105130
    title Fedora 26 : wildmidi (2017-7cbd8a00b7)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-DABF9A64D9.NASL
    description - New upstream release 0.4.2 (rhbz#1433550) - Fixes CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 (rhbz#1479315) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 105987
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105987
    title Fedora 27 : wildmidi (2017-dabf9a64d9)
refmap via4
confirm https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
fulldisc 20170808 wildmidi multiple vulnerabilities
Last major update 17-08-2017 - 12:29
Published 17-08-2017 - 12:29
Last modified 21-08-2017 - 13:19