Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-11546

The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.

Related bugs and status

CVE-2017-11546 (Candidate) is related to these bugs:

Bug #1443443: Arithmetic exception due to bad denom

		In	Importance	Status
1443443	Arithmetic exception due to bad denom	timidity (Ubuntu)	Undecided	Fix Released
1443443	Arithmetic exception due to bad denom	timidity (Debian)	Unknown	Fix Released
1443443	Arithmetic exception due to bad denom	TiMidity++	Undecided	In Progress

See the

CVE page on Mitre.org for more details.

References

MISC: http://seclists.org/fu...