CVE-2015-3836

Name of the Vulnerable Software and Affected Versions Sonivox DLS-to-EAS converter versions prior to 5.1.1 LMY48I

Description The issue is related to the Parse wave function in the Sonivox DLS-to-EAS converter, which does not properly handle negative values for a certain size field. This can be exploited by remote attackers using specially crafted XMF data, potentially allowing them to execute arbitrary code or cause a denial of service due to a buffer overflow.

Recommendations For versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the Parse wave function until a patch is available. Avoid using the Sonivox DLS-to-EAS converter with untrusted XMF data until the issue is resolved.