FluidSynth is vulnerable to remote code execution. The vulnerability exists due to a use after free in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library.
CPE | Name | Operator | Version |
---|---|---|---|
fluidsynth:sid | eq | 2.1.5-1 | |
fluidsynth:bullseye | eq | 2.1.5-1 |