CVE-2021-33897

Name of the Vulnerable Software and Affected Versions Synthesia versions prior to 10.7.5567 Synthesia versions prior to 10.9

Description A buffer overflow in Synthesia, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. Additionally, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.

Recommendations For Synthesia versions prior to 10.7.5567, update to version 10.7.5567 or later to resolve the buffer overflow issue. For Synthesia versions prior to 10.9, update to version 10.9 or later to resolve the improper path handling issue. As a temporary workaround, consider avoiding the use of crafted MIDI files with malformed bytes until a patch is available. Restrict access to the MIDI file handling functionality to minimize the risk of exploitation.