The WildMidi_Open function in WildMIDI, since commit d8a466829c67cacbb1700beded25c448d99514e5, is vulnerable to a heap-based buffer overflow via a crafted file. This allows remote attackers to cause a denial of service via an application crash, or possibly another unspecified impact. [UPSTREAM BUG] https://github.com/Mindwerks/wildmidi/issues/178 [UPSTREAM PATCH] https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab
Created wildmidi tracking bugs for this issue: Affects: epel-7 [bug 1532324]