CNNVD-202512-4024 Information

CNNVD ID

CNNVD-202512-4024

CVE-2025-68617

  • CNNVD Published: 2025-12-23

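Description (translated from Chinese)

fluidsynth is an open-source application system from fluidsynth. It is used to generate audio by reading and processing MIDI events from MIDI input devices using a SoundFont. Versions of fluidsynth before 2.5.2 contain a resource management error vulnerability, which stems from a race condition when unloading DLS files and may trigger a heap-based use-after-free.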

Description (English)

Fluidsynth is an open-source application from fluidsynth. It generates audio by using a SoundFont to read and process MIDI events from MIDI input devices. Versions of fluidsynth before 2.5.2 have a resource management error vulnerability, which stems from a race condition when unloading a DLS file and could trigger a heap-based use-after-free.

Hazard Level

Medium

Vulnerability Type

Resource management error

Affected Vendor

fluidsynth

Published

2025-12-23

Last Modified

2026-02-24

References

  • https://github.com/FluidSynth/fluidsynth/commit/685e54cdc44911ace31774260bd0c9ec89887491
  • https://github.com/FluidSynth/fluidsynth/commit/962b9946b5cb6b16f0c08b89dd1b7016d4fce886
  • https://github.com/FluidSynth/fluidsynth/issues/1717
  • https://github.com/FluidSynth/fluidsynth/issues/1728
  • https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-ffw2-xvvp-39ch

Patch

https://github.com/FluidSynth/fluidsynth/releases
