Gy741

**Name of the Vulnerable Software and Affected Versions** libming versions prior to 0.4.8 **Description** The issue is related to a use-after-free in the decompileIF function, located in util/decompile.c. This may allow attackers to cause a denial of service or have an unspecified impact by using a crafted SWF file. **Recommendations** For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libming versions prior to 0.4.8 **Description** The issue is related to an integer overflow and resultant out-of-bounds read in the outputSWF TEXT RECORD function, located in util/outputscript.c. This may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. **Recommendations** For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the outputSWF TEXT RECORD function until a patch is available. Avoid using crafted SWF files that may trigger the integer overflow and resultant out-of-bounds read.

**Name of the Vulnerable Software and Affected Versions** WildMIDI versions since commit d8a466829c67cacbb1700beded25c448d99514e5 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted file. This is due to a problem in the WildMidi Open function. **Recommendations** For versions since commit d8a466829c67cacbb1700beded25c448d99514e5, as a temporary workaround, consider restricting the use of the WildMidi Open function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.