CVE-2021-33897 Information

Description

A buffer overflow in Synthesia before 10.7.5567 when a non-Latin locale is used allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9 an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.

Reference

https://synthesiagame.com/news https://isopach.dev/CVE-2021-33897