FreeBSD: VID-bf854a37-e180-11f0-ac0c-5404a68ad561 (CVE-2025-68617): fluidsynth -- Use after free when using DLS files
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:N/C:C/I:C/A:C) | Dec 25, 2025 | Jan 27, 2026 | Jan 27, 2026 |
Description
The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the (unloaded) DLS file are concurrently used to synthesize audio. Realistically, both scenarios will result in a denial of service. In worst cases, it may result in arbitrary code execution in the context of an application using FluidSynth.
Solution
freebsd-upgrade-package-fluidsynth