GitHub_MCVELIST:CVE-2021-21417CVE-2021-21417 Use after free in fluidsynth
7.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.5%
fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.
CNA Affected
[
{
"product": "fluidsynth",
"vendor": "FluidSynth",
"versions": [
{
"status": "affected",
"version": "< 2.1.8"
}
]
}
]Related
7.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.5%