Vulnerabilities > CVE-2017-11549 - Excessive Iteration vulnerability in Timidity++ Project Timidity++ 2.14.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_D37407BD5C5F11EABB2A8C164582FBAC.NASL |
description | qflb.wu of DBAPPSecurity reports : Ihe insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 can cause a denial of service(divide-by-zero error and application crash) via a crafted mid file. The resample_gauss function in resample.c in TiMidity++ 2.14.0 can cause a denial of service(heap-buffer-overflow) via a crafted mid file. The play_midi function in playmidi.c in TiMidity++ 2.14.0 can cause a denial of service(large loop and CPU consumption) via a crafted mid file. |
last seen | 2020-03-18 |
modified | 2020-03-06 |
plugin id | 134258 |
published | 2020-03-06 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134258 |
title | FreeBSD : TiMidity++ -- Multiple vulnerabilities (d37407bd-5c5f-11ea-bb2a-8c164582fbac) |