The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
Debian Bug report logs - #886503
wildmidi: CVE-2017-1000418
Package: src:wildmidi;
Maintainer for src:wildmidi is Bret Curtis <psi29a@gmail.com>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 6 Jan 2018 22:36:01 UTC
Severity: important
Tags: patch, security, upstream
Found in version wildmidi/04 ...
wildmidi multiple vulnerabilities
================
Author : qflbwu
===============
Introduction:
=============
WildMIDI is a simple software MIDI player which has a core softsynth library that can be used with other applications. The WildMIDI library uses Gravis Ultrasound patch files to convert MIDI files into audio which is then passed back to t ...