Unknown · Fluidsynth · CVE-2025-68617
**Name of the Vulnerable Software and Affected Versions**
FluidSynth versions 2.5.0 through 2.5.1
**Description**
FluidSynth, a software synthesizer based on the SoundFont 2 specifications, contains a race condition in the unloading of DLS files that can lead to a heap-based use-after-free. The race occurs when a thread is waiting to unload a DLS file while the synthesizer is being destroyed or while samples from that DLS file are being used for audio synthesis. The issue does not occur when a DLS file is explicitly unloaded before the synthesizer is destroyed, provided no samples are actively in use. It also does not occur in builds without native DLS support.
**Recommendations**
Update to version 2.5.2 or later.