VYPR

rpm package

opensuse/fluidsynth&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/fluidsynth&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2025-56225Jan 9, 2026
    affected < 2.5.2-2.1fixed 2.5.2-2.1

    fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.

  • CVE-2025-68617Dec 23, 2025
    affected < 2.5.2-1.1fixed 2.5.2-1.1

    FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading t