CVE-2025-56225

Опубликовано: 09 янв. 2026

Источник: debian

Описание

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
fluidsynth	fixed	2.4.7+dfsg-1		package
fluidsynth	no-dsa		trixie	package
fluidsynth	no-dsa		bookworm	package
fluidsynth	postponed		bullseye	package

Примечания

https://github.com/FluidSynth/fluidsynth/issues/1602
https://github.com/FluidSynth/fluidsynth/pull/1607
Fixed by: https://github.com/FluidSynth/fluidsynth/commit/45f2a79f4265dcc4f98cfbafdb10727fb1c0d411 (v2.4.7)

Связанные уязвимости

CVE-2025-56225

CVSS3: 7.5

ubuntu

30 дней назад

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.

CVE-2025-56225

CVSS3: 7.5

nvd

30 дней назад

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.

GHSA-qgg6-hj2r-3x43

CVSS3: 7.5

github

30 дней назад

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.