CVE-2017-11661

HIGH

WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11661. PoCs published by qflb.wu.

AI-analyzed exploit summary The exploit demonstrates multiple denial-of-service vulnerabilities in WildMIDI 0.4.2, specifically invalid memory reads leading to application crashes via crafted MIDI files. The PoC includes debug information and stack traces showing segmentation faults in functions like _WM_SetupMidiEvent and _WM_ParseNewMidi.

Description

The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.

Exploits (1)

exploitdb WORKING POC
by qflb.wu · textdoslinux
https://www.exploit-db.com/exploits/42433

The exploit demonstrates multiple denial-of-service vulnerabilities in WildMIDI 0.4.2, specifically invalid memory reads leading to application crashes via crafted MIDI files. The PoC includes debug information and stack traces showing segmentation faults in functions like _WM_SetupMidiEvent and _WM_ParseNewMidi.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: WildMIDI 0.4.2
No auth needed
Prerequisites: Crafted MIDI file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42433/
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Aug/12

Scores

CVSS v3 7.5
EPSS 0.1077
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-125
Status published
Products (1)
mindwerks/wildmidi 0.4.2
Published Aug 17, 2017
Tracked Since Feb 18, 2026