CVE-2025-68617

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the (unloaded) DLS file are concurrently used to synthesize audio. This issue has been patched in version 2.5.2. The problem will not occur, when explicitly unloading a DLS file (before synth destruction), provided that at the time of unloading, no samples of the respective file are used by active voices. The problem will not occur in versions of FluidSynth that have been compiled without native DLS support.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FluidSynth/fluidsynth/commit/685e54cdc44911ace31774260bd0c9ec89887491	Patch
https://github.com/FluidSynth/fluidsynth/commit/962b9946b5cb6b16f0c08b89dd1b7016d4fce886	Patch
https://github.com/FluidSynth/fluidsynth/issues/1717	Exploit Issue Tracking
https://github.com/FluidSynth/fluidsynth/issues/1728	Issue Tracking
https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-ffw2-xvvp-39ch	Vendor Advisory
https://github.com/FluidSynth/fluidsynth/issues/1717	Exploit Issue Tracking
https://github.com/FluidSynth/fluidsynth/issues/1728	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:fluidsynth:fluidsynth:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-12-23 23:15

Updated : 2026-01-15 02:01

NVD link : CVE-2025-68617

Mitre link : CVE-2025-68617

CVE.ORG link : CVE-2025-68617

JSON object : View

Products Affected

fluidsynth

fluidsynth

CWE

CWE-416

Use After Free

{"id": "CVE-2025-68617", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2025-12-23T23:15:44.757", "references": [{"url": "https://github.com/FluidSynth/fluidsynth/commit/685e54cdc44911ace31774260bd0c9ec89887491", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/FluidSynth/fluidsynth/commit/962b9946b5cb6b16f0c08b89dd1b7016d4fce886", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/FluidSynth/fluidsynth/issues/1717", "tags": ["Exploit", "Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/FluidSynth/fluidsynth/issues/1728", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-ffw2-xvvp-39ch", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/FluidSynth/fluidsynth/issues/1717", "tags": ["Exploit", "Issue Tracking"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://github.com/FluidSynth/fluidsynth/issues/1728", "tags": ["Issue Tracking"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the (unloaded) DLS file are concurrently used to synthesize audio. This issue has been patched in version 2.5.2. The problem will not occur, when explicitly unloading a DLS file (before synth destruction), provided that at the time of unloading, no samples of the respective file are used by active voices. The problem will not occur in versions of FluidSynth that have been compiled without native DLS support."}], "lastModified": "2026-01-15T02:01:38.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fluidsynth:fluidsynth:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FC707E6-47FF-47FE-83A7-B93AA1364D07", "versionEndExcluding": "2.5.2", "versionStartIncluding": "2.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}