Bug 2424793 (CVE-2025-68617) - CVE-2025-68617 FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation
Keywords:
Status: NEW
Alias: CVE-2025-68617
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2424828 2424829 2424831 2424832 2424833 2424834 2424835
Blocks:
Reported: 2025-12-23 23:01 UTC by OSIDB Bzimport
Modified: 2025-12-24 07:18 UTC
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-12-23 23:01:33 UTC
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory if the synthesizer is being concurrently destroyed, or samples of the (unloaded) DLS file are concurrently used to synthesize audio. This issue has been patched in version 2.5.2. The problem will not occur when explicitly unloading a DLS file (before synth destruction), provided that at the time of unloading, no samples of the respective file are used by active voices. The problem will not occur in versions of FluidSynth that have been compiled without native DLS support.

