The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2can cause a denial of service via a crafted mid file.