The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
[
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-01826a86",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/f_hmi.c"
},
"digest": {
"line_hashes": [
"141351146277561625039154975095896373584",
"254232090882353935440735178609995392553",
"20599918566989616306151374463582397531",
"57848327071888634462554684272852728503",
"60596333353923665938859130060761487794",
"57343432820462941404261783325454411865",
"152007342498841934884471227013216892933",
"299086670282159710434401112740936115172",
"301825861999261548619047659329610589933",
"265486511930786134205048271617960963837",
"321483049606099257764204498468528390989",
"44882530341588105248323886291214711103",
"45340353830214747284546734850131054539",
"50356940890964001180016684295484455205",
"182665046250395521787262365957989574386",
"61852251944179809653588514434797746929",
"82179713164806631160264308436810202940",
"77169549067624612777075062147411002802",
"43347800113789284095348512018702212712",
"101680664409672892327274422924851963410",
"94566935609923672037397493876189048154",
"312555637812548448802023220695534250048",
"222184206187971567320249943828548902372",
"117259801994628497267680323319118456978",
"174401496235902478113372176762605391609",
"255176759582695689828066891435423087381",
"149084827432343390088746230557954381037",
"63472109329827887646495036342024272598",
"200447594012329375807994592965083105066",
"114958568041463139859567747685130123118",
"285676883074085308242777899164824841247",
"118458197099789192203030883309847846898",
"159308196959334796700050199032087512738",
"26336115671816864579141449308084843314",
"289916984747223878407590982287069387274",
"156907487750691822727381042610222320233",
"30253328000760163404062351624140919239",
"102046465290917880523488832916883533018",
"76925666770855591415422786314946368481",
"188876224194996888948792977153577690381",
"171178081484956616344646413460411701735",
"132824764464446078621551336300924292620",
"218870579924950972166230924943275912683",
"136636127851762945073244858211174023834",
"169478583191956497725390868629192486271",
"46117866874244292232369931138806093374",
"297137408525401376259567902541982688689",
"113838974136316491354134832142556930350",
"193777277520304897139491458536224120171",
"289916984747223878407590982287069387274",
"51863263256502341469596307934142215725",
"307071702087406043888160043149991845148",
"45514682112098904233357293951401936403",
"337717401987539588714258576402590531343",
"6253245861956313051842608323407953060"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-1b8f1616",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_WM_ParseNewMidi",
"file": "src/f_midi.c"
},
"digest": {
"function_hash": "292765676935126767621655433092196689897",
"length": 7076.0
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-2659029e",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "include/internal_midi.h"
},
"digest": {
"line_hashes": [
"240349596886268300509264026791978871342",
"23467033765014469800485347493635840626",
"102551864819858922092193456929454751541",
"234089177027782585333014512321519549507"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-434e196c",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_WM_ParseNewHmp",
"file": "src/f_hmp.c"
},
"digest": {
"function_hash": "86931989432895006916388051258591877425",
"length": 5739.0
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-4ff6c114",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/f_hmp.c"
},
"digest": {
"line_hashes": [
"67031983797352347151291203118380369696",
"3303456085931671045660317397287645771",
"192094503962951008668094983498118431280",
"130845171812342606176608479093982828331",
"162355509778458665191076207917834618650",
"336101010643798050264152588171186664658",
"16299432509934148513647235650215497502",
"14594477859225466290667261962040709303",
"316807840878678939854975127155618345084",
"85206073013068609218003902133468238703",
"195211333651184847926902146084768023522",
"303500600056082932061808264043737684247",
"149066777796212013333426068658957962860",
"249170833553535537768753997168507691826",
"281116004523813532989456096522950045918",
"259598118927604658834767883231673008444",
"264960202430526694605766488726657206919",
"331086963355611367549222722019521478953",
"103583659724563820817495977041244755401",
"173385872001138300419127049059286108891",
"28479828287427692106179027760795804532",
"164726023225820860294182629417227946784",
"324764377225211514231942730432183827206",
"184810810258615976610464215842648451477",
"66618658437271693143027532710734301353",
"100540389624186727476574599782169433090",
"311442127614570740676128365000242959417",
"323275795199287650293458617677726480712",
"17771157738209413858615982936916170726",
"263379928346163298409567705747199214407",
"88823897649265096997586327185686548869"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-56f914de",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_WM_ParseNewXmi",
"file": "src/f_xmidi.c"
},
"digest": {
"function_hash": "107815747377548526876954637397013868036",
"length": 5060.0
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-5d9393c3",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/internal_midi.c"
},
"digest": {
"line_hashes": [
"232985231582014676728743464795540272083",
"142608653670295519470578043776370999906",
"95448357696492381026459217779317659754",
"282140124630312514272413603865838106203",
"9402400541346106242068687143732419535",
"279110710416328920021733561227991923389",
"39695844121596347003611944532860530738",
"224765172163591625545326951796557229044",
"249324873763929888353145039063271955530",
"117867706238520284010317281218876327986",
"105974787213431374526611953409100428406",
"151421721969137499465873569410616305146",
"253707298310576415918187887705119289657",
"272533203646524400764623962237111643076",
"263687732529742214634233343664847976014",
"173101145805100037207221580852785405649",
"148652500486838114645841765975751356849",
"242510090303981423413849200404823737698",
"105463379483447756488605514901653695868",
"21610171315496013210967380548682313529",
"80978134131748510608801049014186360063",
"205094770198681295142667547188782764548",
"292038935945560485456939034581556906140",
"197970800707119263673796925130637789779",
"261220379805619551673291011680165841013",
"270116080470820395744330801095712754087",
"287857713856107226853575085396719205871",
"23822523309814445507217160975420857855",
"305384259419811782037586877780437389193",
"179364477235811356786122484378693897665",
"110916335535676428291017963698918776842",
"203050227862658759956278409113952450987",
"38802677648541637060421979664325516606",
"294355431094038121131806458825491600267",
"84365996671142789866053865865931047729",
"115396553713500183786637741387142386715",
"333328653911786149314302618283770757416",
"274035570192034759608050095783591680984",
"174803368506324447644800752960766905945",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"339713719740774791653650997188575473390",
"274057390769673259829744374577055527032",
"328168762085521963236197501319696086858",
"132264462106672922925971102465585337796",
"329480186023408175643894669514310304768",
"160117545066612846577058467194445290463",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"339713719740774791653650997188575473390",
"274057390769673259829744374577055527032",
"154094392091610978810601951952740487549",
"63500615023027284448539604805217230260",
"266736551076436600343179815757096965088",
"114506932839299983574639022412909178603",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"339713719740774791653650997188575473390",
"274057390769673259829744374577055527032",
"328168762085521963236197501319696086858",
"132264462106672922925971102465585337796",
"329480186023408175643894669514310304768",
"2114813831490344174808375268777907544",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"339713719740774791653650997188575473390",
"274057390769673259829744374577055527032",
"328168762085521963236197501319696086858",
"132264462106672922925971102465585337796",
"329480186023408175643894669514310304768",
"59954335498346947201207548680278222329",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"339713719740774791653650997188575473390",
"274057390769673259829744374577055527032",
"328168762085521963236197501319696086858",
"132264462106672922925971102465585337796",
"329480186023408175643894669514310304768",
"60193750874489417757638926424234417256",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"339713719740774791653650997188575473390",
"274057390769673259829744374577055527032",
"328168762085521963236197501319696086858",
"132264462106672922925971102465585337796",
"329480186023408175643894669514310304768",
"58760509767330544901618337058509396511",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"339713719740774791653650997188575473390",
"274057390769673259829744374577055527032",
"328168762085521963236197501319696086858",
"132264462106672922925971102465585337796",
"329480186023408175643894669514310304768",
"206583671706375071369467422289460173899",
"195607023254376114411009884829708489485",
"47140025292284312248051979250749806824",
"308814287031599821212623222801880134020",
"241191636543700604797217243504252085086",
"68996816571159511650552745933971230928",
"189455665816939569175140026807908814526",
"334926607513703423763966370876210195076",
"194993032461446163350289714646139664019",
"26014887005259583744331043473612924074",
"176635979797285415401432878958182102120",
"306765932859639524539289719959230176047",
"65875040391246433847017837845025544368",
"67320505834651209490037487932548769974",
"325749069915414379157742954954374576907",
"173547207891283838348636848596144862543",
"179906117082707491217139460715129367879",
"21908525401279632452441024289725799634",
"68786023323521005492890269740680081664",
"12389209997787980744012187814660455853",
"333718797830971752724730003628755828204",
"188489030128429670807275809032462509237",
"314498269471595062181635889810236201732",
"118073070525636757359673367181121094249",
"183451612855126251236311521560718676122",
"291970639490952846262508268630681273041",
"325804588082782062556457173718549676683",
"173640143974137631837260490996799560932",
"113373831875946498185226260007497072156",
"252756665449329953414040793995621120380",
"260502021419487818932613558950340279283",
"164455357036785199002472398850656047442",
"48514725224243495497856726896475594903",
"58877470455285023078890287522842279000",
"184033923110893700667280545978201464259",
"216901671907122518194231045529945495571",
"303993478717682312672060362302027229371",
"97504716411989168386717519724836998629",
"64978700048834227005259445016364616",
"173640143974137631837260490996799560932",
"129028447739940973472274108121253743923",
"197367212939846511293466602155366206796",
"11622310106392217494364894789389708913",
"57976169818595068752519528023650783669",
"180890069669317974654437228311355079786",
"173044231112937832102090123172582534656",
"77284374325764567652393860852948722872",
"168593535587235538550291626403014536277",
"79514298824226988648272696995083593944"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-6f918b04",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_WM_SetupMidiEvent",
"file": "src/internal_midi.c"
},
"digest": {
"function_hash": "64957734829486547105236475810800561991",
"length": 7415.0
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-722c1e84",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/f_xmidi.c"
},
"digest": {
"line_hashes": [
"48685966033372181517930884011757407163",
"24459856794901472844565823513820354601",
"214478028729068990695509847715315215720",
"239582413292450093166578342929871825281"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-7d3d8c37",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/f_mus.c"
},
"digest": {
"line_hashes": [
"115362588393299484017026622388611308159",
"109879554697335468280146797519457100743",
"288895927221548445544034222232390712229",
"157528642727650210224615388726290862431",
"26982526106202337162626447459470688748",
"129881007100362124534886472997368346201",
"306194869388430092094330725855024970865",
"143478566924020956357921278761762893549"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-8d37d04d",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_WM_ParseNewHmi",
"file": "src/f_hmi.c"
},
"digest": {
"function_hash": "263724555074901050502763607281820245502",
"length": 6160.0
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-ae86921c",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/f_midi.c"
},
"digest": {
"line_hashes": [
"116516709355494710223054538068369780589",
"44959657369594479634166381288676913837",
"222033699935233590796282731170911565198",
"76381277114271900676011861289380652451",
"52158566494861331800073854602304285170",
"254081041692273518356063061024046830138",
"183689567147557373712974238535089601521",
"77065072538992201072150041306138005432",
"186470483442388613544294078650970633867",
"306469420349350112785035622022880895178",
"166525872084823903452868064066238529018",
"285099691323179974021171110065659800254",
"146217595881104739959834499906204264683",
"294463264924769980853338993532878690253",
"35236878624557157946962210809497438322",
"141444031863013425589763298090781356857",
"214003294176409193841770994235870988529",
"311273363838830742636114027463815788065",
"107461153011690827462276760067093304682",
"218497755080452257575895819610972926772",
"65914859638487342993607622576274852580",
"252989453593506030203003024450363493299",
"87209661124196726719543352887874904613",
"171661751468907872556557606981146133001",
"331777528158789544597979626057276077996",
"32400562427443365080130410842057388109",
"44914956615092196844537096028805580672",
"246208685432356010345788996361440352869",
"148129065317299033611575215428003246276",
"315329321779265587517161808991465552326",
"285760667863482788337375565832537981949",
"94028846090048161226526177610464943034",
"163196615939442350164888697854567810111",
"161514002850540477421974738998707754116",
"73087765514544611248889343840167108687",
"268387001820796149638951935706992761764",
"332216794278327143146205938285112958910",
"189950913283037849105706148992379143716",
"205314728384993238052612102802682035049",
"241800243512009300363462097705363121061",
"102073176071331637155938054151757279209",
"312867105774613384641300177551699799632",
"240932913612044246325144268870673090670",
"329536551482337598314785827997917520616",
"336856090314523904209573957993743433582",
"325171648758271212135489901363474963501",
"319302517040755328404396055587196711998",
"48015015226666174067868668687877252436",
"254173781015810296153233557525750933590",
"50867150298625450566166666464181425705",
"153368631249103529511123437459312291382",
"264458133857942373125839773993921951540",
"238453549570621380416979302571680359084",
"310891047425206724502842220439455863417",
"60697695453829942816176996305811826943",
"279499190330340908369034380552900027618",
"316616302457999862443021821623796688609",
"339570735669460759472364027985768622513",
"308532022509756392336245490189308613585",
"328705955090116041231988126622552248873",
"138663597624570846598577962051016879357",
"174044445208091567519634404170836194542",
"247431761622833475558853658994816003745",
"140151705422960127375491758595564581497",
"72097740957468042062807499089149423198",
"305765300884779278799913925857160180709",
"140694150546486721420736080483117224977",
"298122088801866145704481236463769368733",
"78492681091079558520861062019108582953",
"21141690945188943294560960853938374672",
"153368631249103529511123437459312291382",
"264458133857942373125839773993921951540",
"316616302457999862443021821623796688609",
"290226537980494556926756815596431875622",
"131630667134447138870647027726998390218",
"140442121006979194593203238358573966942",
"15399108366372653968503377113548353101",
"138663597624570846598577962051016879357",
"174044445208091567519634404170836194542",
"247431761622833475558853658994816003745",
"140151705422960127375491758595564581497",
"72097740957468042062807499089149423198",
"261988731048080666526799098723135286134",
"286401219199440865809297139948000105880",
"190224680610809903545721765208998234500",
"145750658926128739845057627671745952440",
"215502019820685347072087193748682797132",
"150015387400988845068829707019559232997",
"37585174686818510309053756185304637759"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/mindwerks/wildmidi/commit/ad6d7cf88d6673167ca1f517248af9409a9f1be1",
"id": "CVE-2017-11664-f8356382",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_WM_ParseNewMus",
"file": "src/f_mus.c"
},
"digest": {
"function_hash": "256968562929709650087634459246427830624",
"length": 6009.0
}
}
]