CVE-2021-28421 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1814	lib32-fluidsynth	2.1.7-1	2.1.8-1	Medium	Fixed
AVG-1813	fluidsynth	2.1.7-1	2.1.8-1	Medium	Fixed

References
https://github.com/FluidSynth/fluidsynth/issues/808 https://github.com/FluidSynth/fluidsynth/pull/810 https://github.com/FluidSynth/fluidsynth/commit/005719628aef0bd48dc7b2f860c7e4ca16b81044