Vulnerabilities > CVE-2021-21417 - Use After Free vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

fluidsynth

debian

CWE-416

NVD

Published: 2021-04-29

Updated: 2021-09-14

Summary

fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.

Vulnerable Configurations

Part	Description	Count
Application	Fluidsynth Fluidsynth Fluidsynth 1.1.2 Fluidsynth Fluidsynth 1.1.3 Fluidsynth Fluidsynth 1.1.4 Fluidsynth Fluidsynth 1.1.5 Fluidsynth Fluidsynth 1.1.6 Fluidsynth Fluidsynth 1.1.7 Fluidsynth Fluidsynth 1.1.8 Fluidsynth Fluidsynth 1.1.9 Fluidsynth Fluidsynth 1.1.10 Fluidsynth Fluidsynth 1.1.11 Fluidsynth Fluidsynth 2.0.0 Fluidsynth Fluidsynth 2.0.1 Fluidsynth Fluidsynth 2.0.2 Fluidsynth Fluidsynth 2.0.3 Fluidsynth Fluidsynth 2.0.4 Fluidsynth Fluidsynth 2.0.5 Fluidsynth Fluidsynth 2.0.6 Fluidsynth Fluidsynth 2.0.7 Fluidsynth Fluidsynth 2.0.8 Fluidsynth Fluidsynth 2.0.9 Fluidsynth Fluidsynth 2.1.0 Fluidsynth Fluidsynth 2.1.1 Fluidsynth Fluidsynth 2.1.2 Fluidsynth Fluidsynth 2.1.3 Fluidsynth Fluidsynth 2.1.4 Fluidsynth Fluidsynth 2.1.5 Fluidsynth Fluidsynth 2.1.6 Fluidsynth Fluidsynth 2.1.7	32
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References