CVE-2026-25068 — Improper Validation of Array Index in Project Alsa-lib

CWE-129 — Improper Validation of Array Index CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 99.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Alsa Project Alsa-lib Debian Alsa-lib

Timeline

PublishedJan 29

Latest updateFeb 16

Description

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶debiandebian/alsa-lib< alsa-lib 1.2.4-1.1+deb11u1 (bullseye)

▶CVEListV5alsa_project/alsa-lib1.2.2 — 1.2.15.2

▶Debianalsa_project/alsa-lib< 1.2.4-1.1+deb11u1

🔴Vulnerability Details

GHSA

GHSA-x6vq-264g-8wcx: alsa-lib versions 1↗2026-01-29

▶

OSV

CVE-2026-25068: alsa-lib versions 1↗2026-01-29

▶

📋Vendor Advisories

Ubuntu

alsa-lib vulnerability↗2026-02-16

▶

Red Hat

alsa-lib: alsa-lib Topology Decoder Heap-based Buffer Overflow↗2026-01-29

▶

Debian

CVE-2026-25068: alsa-lib - alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, c...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25068 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶