Vulnerability Details CVE-2017-11664
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.065
EPSS Ranking 90.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://seclists.org/fulldisclosure/2017/Aug/12
- https://github.com/Mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1
- https://www.exploit-db.com/exploits/42433/
- http://seclists.org/fulldisclosure/2017/Aug/12
- https://github.com/Mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1
- https://www.exploit-db.com/exploits/42433/