The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the –background option.
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Timidity++ | Timidity++_project | 2.14.0 (including) | 2.14.0 (including) |