rpm package
opensuse/timidity&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/timidity&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11547 | Med | 5.5 | < 2.15.0-2.2 | 2.15.0-2.2 | Jul 31, 2017 | The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq docume | |
| CVE-2017-11546 | Med | 5.5 | < 2.15.0-2.2 | 2.15.0-2.2 | Jul 31, 2017 | The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. | |
| CVE-2010-2971 | — | < 2.15.0-2.2 | 2.15.0-2.2 | Aug 5, 2010 | loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker | ||
| CVE-2009-0179 | — | < 2.15.0-2.2 | 2.15.0-2.2 | Jan 20, 2009 | libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. | ||
| CVE-2006-4338 | — | < 2.14.0-3.10 | 2.14.0-3.10 | Sep 19, 2006 | unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. | ||
| CVE-2006-4337 | — | < 2.14.0-3.10 | 2.14.0-3.10 | Sep 19, 2006 | Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. | ||
| CVE-2006-4335 | — | < 2.14.0-3.10 | 2.14.0-3.10 | Sep 19, 2006 | Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that |
- affected < 2.15.0-2.2fixed 2.15.0-2.2
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq docume
- affected < 2.15.0-2.2fixed 2.15.0-2.2
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.
- CVE-2010-2971Aug 5, 2010affected < 2.15.0-2.2fixed 2.15.0-2.2
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker
- CVE-2009-0179Jan 20, 2009affected < 2.15.0-2.2fixed 2.15.0-2.2
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.
- CVE-2006-4338Sep 19, 2006affected < 2.14.0-3.10fixed 2.14.0-3.10
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
- CVE-2006-4337Sep 19, 2006affected < 2.14.0-3.10fixed 2.14.0-3.10
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
- CVE-2006-4335Sep 19, 2006affected < 2.14.0-3.10fixed 2.14.0-3.10
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that