MidnightBSD

Advisories for linuxsampler

CVE-2017-12950 MEDIUM

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
linuxsampler libgig 4.0.0
CVE-2018-14449 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14450 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14451 MEDIUM

An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14452 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14453 MEDIUM

An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14454 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14455 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14456 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14457 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14458 MEDIUM

An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-14459 MEDIUM

An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-18192 MEDIUM

An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-18193 MEDIUM

An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-18194 MEDIUM

An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-18195 MEDIUM

An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-18196 MEDIUM

An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2018-18197 HIGH

An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
linuxsampler libgig 4.1.0
CVE-2021-32294 MEDIUM

An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linuxsampler libgig *