CVE-2021-21417

NameCVE-2021-21417
Descriptionfluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2697-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
fluidsynth (PTS)bullseye2.1.7-1.1fixed
bookworm2.3.1-2fixed
trixie2.4.3+dfsg-3fixed
sid2.4.3+dfsg-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
fluidsynthsourcestretch1.1.6-4+deb9u1DLA-2697-1
fluidsynthsourcebuster1.1.11-1+deb10u1
fluidsynthsource(unstable)2.1.7-1.1

Notes

https://github.com/FluidSynth/fluidsynth/issues/808
https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
Search for package or bug name: Reporting problems