CVE-2025-68617

EUVD-2025-205027
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory if the synthesizer is being concurrently destroyed or samples of the (unloaded) DLS file are concurrently used to synthesize audio. This issue has been patched in version 2.5.2. The problem will not occur when explicitly unloading a DLS file (before synth destruction), provided that at the time of unloading no samples of the respective file are used by active voices. The problem will not occur in versions of FluidSynth that have been compiled without native DLS support.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7 HIGH | LOCAL | HIGH | NONE | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| GitHub_M | CNA | 7 HIGH | LOCAL | HIGH | NONE | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |

EPSS Score (percentile): 3%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| fluidsynth | fluidsynth | 2.5.0 ≤ 𝑥 < 2.5.2 |

𝑥 = Vulnerable software versions

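Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| fluidsynth | bookworm | 2.3.1-2 | not-affected |
| fluidsynth | bullseye | 2.1.7-1.1 | not-affected |
| fluidsynth | forky | 2.5.2+dfsg-1 | fixed |
| fluidsynth | sid | 2.5.2+dfsg-1 | fixed |
| fluidsynth | trixie | 2.4.4+dfsg-1+deb13u1 | not-affected |
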
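Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| fluidsynth | bionic | needs-triage |
| fluidsynth | focal | needs-triage |
| fluidsynth | jammy | needs-triage |
| fluidsynth | noble | needs-triage |
| fluidsynth | plucky | ignored |
| fluidsynth | questing | needs-triage |
| fluidsynth | trusty | needs-triage |
| fluidsynth | xenial | needs-triage |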