CVE-2024-50613
Published 2024-10-27
CVE-2024-50613: libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
Priority: P4 · 26 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 0.51% (39.8th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsndfile | — | — |
| libsndfile_project | libsndfile | <= 1.2.2 | — |
| msrc | azl3_libsndfile_1.2.2-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_libsndfile_1.2.2-4_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libsndfile_1.0.31-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libsndfile_1.0.31-4_on_cbl_mariner_2.0 | — | — |
CVSS provenance
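| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_msrc | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |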
Red Hat
libsndfile: Reachable assertion in mpeg_l3_encoder_close
vendor_redhat·2024-10-27·CVSS 6.5
CVE-2024-50613 [MEDIUM] CWE-617 libsndfile: Reachable assertion in mpeg_l3_encoder_close
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
A flaw was found in the libsndfile package. A specially-crafted input file may trigger a reachable assertion error, which can cause an application crash leading to a denial of service.
Package: libsndfile (Red Hat Enterprise Linux 10) - Will not fix
Package: libsndfile (Red Hat Enterprise Linux 7) - Out of support scope
Package: libsndfile (Red Hat Enterprise Linux 8) - Will not fix
Package: libsndfile (Red Hat Enterprise Linux 9) - Will not fix
Microsoft
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
vendor_msrc·2024-10-08·CVSS 6.5
CVE-2024-50613 [MEDIUM] CWE-617 libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Debian
CVE-2024-50613: libsndfile - libsndfile through 1.2.2 has a reachable assertion, that may lead to application...
vendor_debian·2024·CVSS 6.5
CVE-2024-50613 [MEDIUM] CVE-2024-50613: libsndfile - libsndfile through 1.2.2 has a reachable assertion, that may lead to application...
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
GHSA
GHSA-425f-273g-699h: libsndfile through 1
ghsa_unreviewed·2024-10-28
CVE-2024-50613 [MEDIUM] CWE-617 GHSA-425f-273g-699h: libsndfile through 1
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
OSV
CVE-2024-50613: libsndfile through 1
osv·2024-10-27·CVSS 6.5
CVE-2024-50613 [MEDIUM] CVE-2024-50613: libsndfile through 1
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-10-27