CVE-2024-50612
published 2024-10-27

CVE-2024-50612: libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.

Priority: P4 19, medium 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.31% (22.4th percentile)

Affected

13 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsndfile | < libsndfile 1.2.0-1+deb12u1 (bookworm) | libsndfile 1.2.0-1+deb12u1 (bookworm) |
| libsndfile_project | libsndfile | <= 1.2.2 | |
| libsndfile_project | libsndfile | >= 0 < 1.0.31-2+deb11u1 | 1.0.31-2+deb11u1 |
| libsndfile_project | libsndfile | >= 0 < 1.2.0-1+deb12u1 | 1.2.0-1+deb12u1 |
| libsndfile_project | libsndfile | >= 0 < 1.2.2-2 | 1.2.2-2 |
| libsndfile_project | libsndfile | >= 0 < 1.2.2-2 | 1.2.2-2 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-7ubuntu0.3 | 1.0.28-7ubuntu0.3 |
| libsndfile_project | libsndfile | >= 0 < 1.0.31-2ubuntu0.2 | 1.0.31-2ubuntu0.2 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-7ubuntu2.2+esm4 | 1.0.25-7ubuntu2.2+esm4 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-4ubuntu0.18.04.2+esm2 | 1.0.28-4ubuntu0.18.04.2+esm2 |
| msrc | azl3_libsndfile_1.2.2-3_on_azure_linux_3.0 | | |
| msrc | cbl2_libsndfile_1.0.31-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_libsndfile_1.0.31-4_on_cbl_mariner_2.0 | | |

CVSS provenance

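| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.1 | HIGH | |
| vendor_ubuntu | | 7.1 | HIGH | |
| vendor_debian | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |
| vendor_msrc | | 5.3 | MEDIUM | |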