CVE-2021-28421 - log back

CVE-2021-28421 edited at 13 Apr 2021 16:24:27
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library.
References
+ https://github.com/FluidSynth/fluidsynth/issues/808
+ https://github.com/FluidSynth/fluidsynth/pull/810
+ https://github.com/FluidSynth/fluidsynth/commit/005719628aef0bd48dc7b2f860c7e4ca16b81044
Notes
CVE-2021-28421 created at 13 Apr 2021 16:23:01