Debian Fluidsynth vulnerabilities
3 known vulnerabilities affecting debian/fluidsynth.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, LOW 1
Vulnerabilities
CVE-2025-56225 | HIGH | CVSS 7.5 | fixed in fluidsynth 2.4.7+dfsg-1 (forky) | 2025
fluidsynth-2.4.6 and earlier versions are vulnerable to a NULL pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.4.7+dfsg-1)
sid: resolved (fixed in 2.4.7+dfsg-1)
trixie: resolved (fixed in 2.4.4+dfsg-1+deb13u2)
CVE-2025-68617 | LOW | CVSS 7.0 | fixed in fluidsynth 2.5.2+dfsg-1 (forky) | 2025
CVE-2025-68617 [HIGH] CVE-2025-68617: fluidsynth - FluidSynth is a software synthesizer based on the SoundFont 2 specifications. Fr...
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples
CVE-2021-21417 | HIGH | CVSS 7.2 | fixed in fluidsynth 2.1.7-1.1 (bookworm) | 2021
fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use-after-free violation was discovered in fluidsynth that can be triggered when loading an invalid SoundFont file.
Scope: local
bookworm: resolved (fixed in 2.1.7-1.1)
bullseye: resolved (fixed in 2.1.7-1.1)
forky: resolved (fixed in 2.1.7-1.1)
sid: resolved (fixed in 2.1.7-1.1)
tri