Debian Libsndfile vulnerabilities

CVE-2025-56226 [MEDIUM] CVE-2025-56226: libsndfile - Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_i... Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. Scope: local bookworm: open bullseye: resolved forky: resolved (fixed in 1.2.2-4) sid: resolved (fixed in 1.2.2-4) trixie: resolved (fixed in 1.2.2-2+deb13u1)

CVE-2024-50613 [MEDIUM] CVE-2024-50613: libsndfile - libsndfile through 1.2.2 has a reachable assertion, that may lead to application... libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2024-50612 [MEDIUM] CVE-2024-50612: libsndfile - libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds... libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. Scope: local bookworm: resolved (fixed in 1.2.0-1+deb12u1) bullseye: resolved (fixed in 1.0.31-2+deb11u1) forky: resolved (fixed in 1.2.2-2) sid: resolved (fixed in 1.2.2-2) trixie: resolved (fixed in 1.2.2-2)

CVE-2022-33065 [HIGH] CVE-2022-33065: libsndfile - Multiple signed integers overflow in function au_read_header in src/au.c and in ... Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. Scope: local bookworm: resolved (fixed in 1.2.0-1+deb12u1) bullseye: resolved (fixed in 1.0.31-2+deb11u1) forky: resolved (fixed in 1.2.2-2

CVE-2021-3246 [HIGH] CVE-2021-3246: libsndfile - A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.3... A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Scope: local bookworm: resolved (fixed in 1.0.31-2) bullseye: resolved (fixed in 1.0.31-2) forky: resolved (fixed in 1.0.31-2) sid: resolved (fixed in 1.0.31-2) trixie: resolved (fixed in 1.0.31-2)

CVE-2021-4156 [HIGH] CVE-2021-4156: libsndfile - An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. A... An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information

CVE-2019-3832 [MEDIUM] CVE-2019-3832: libsndfile - It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and s... It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. Scope: local bookworm: resolved (fixed in 1.0.28-6) bullseye: resolved (fixed in 1.0.28-6) forky: resolved (fixed in 1.0.28-6) si

CVE-2018-19758 [MEDIUM] CVE-2018-19758: libsndfile - There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfil... There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Scope: local bookworm: resolved (fixed in 1.0.28-5) bullseye: resolved (fixed in 1.0.28-5) forky: resolved (fixed in 1.0.28-5) sid: resolved (fixed in 1.0.28-5) trixie: resolved (fixed in 1.0.28-5)

CVE-2018-19662 [HIGH] CVE-2018-19662: libsndfile - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the... An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. Scope: local bookworm: resolved (fixed in 1.0.28-5) bullseye: resolved (fixed in 1.0.28-5) forky: resolved (fixed in 1.0.28-5) sid: resolved (fixed in 1.0.28-5) trixie: resolved (fixed in 1.0.28-5)

CVE-2018-19661 [MEDIUM] CVE-2018-19661: libsndfile - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the... An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. Scope: local bookworm: resolved (fixed in 1.0.28-5) bullseye: resolved (fixed in 1.0.28-5) forky: resolved (fixed in 1.0.28-5) sid: resolved (fixed in 1.0.28-5) trixie: resolved (fixed in 1.0.28-5)

CVE-2018-19432 [MEDIUM] CVE-2018-19432: libsndfile - An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereferenc... An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. Scope: local bookworm: resolved (fixed in 1.0.28-5) bullseye: resolved (fixed in 1.0.28-5) forky: resolved (fixed in 1.0.28-5) sid: resolved (fixed in 1.0.28-5) trixie: resolved (fixed in 1.0.28-5)

CVE-2018-13139 [HIGH] CVE-2018-13139: libsndfile - A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 all... A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. Scope: local bookworm: resolved (fixed in 1.0.28-5) bullseye: resolved (

CVE-2017-12562 [CRITICAL] CVE-2017-12562: libsndfile - Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in l... Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Scope: local bookworm: resolved (fixed in 1.0.28-3) bullseye: resolved (fixed in 1.0.28-3) forky: resolved (fixed in 1.0.28-3) sid: resolved

CVE-2017-6892 [HIGH] CVE-2017-6892: libsndfile - In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (ai... In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. Scope: local bookworm: resolved (fixed in 1.0.28-1) bullseye: resolved (fixed in 1.0.28-1) forky: resolved (fixed in 1.0.28-1) sid: resolved (fixed in 1.0.28-1) trixie: resolved (fixed

CVE-2017-8361 [HIGH] CVE-2017-8361: libsndfile - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attac... The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. Scope: local bookworm: resolved (fixed in 1.0.27-3) bullseye: resolved (fixed in 1.0.27-3) forky: resolved (fixed in 1.0.27-3) sid: resolved (fix

CVE-2017-16942 [MEDIUM] CVE-2017-16942: libsndfile - In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the fun... In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. Scope: local bookworm: resolved (fixed in 1.0.27-1) bullseye: resolved (fixed in 1.0.27-1) forky: resolved (fixed in 1.0.27-1) sid: resolved (fixed in 1.0.27-1) trixie: resolved (fi

CVE-2017-14634 [MEDIUM] CVE-2017-14634: libsndfile - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_ini... In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. Scope: local bookworm: resolved (fixed in 1.0.28-5) bullseye: resolved (fixed in 1.0.28-5) forky: resolved (fixed in 1.0.28-5) sid: resolved (fixed in 1.0.28-5) trixie: resolved (fixed in 1.0.28-5)

CVE-2017-7586 [MEDIUM] CVE-2017-7586: libsndfile - In libsndfile before 1.0.28, an error in the "header_read()" function (common.c)... In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. Scope: local bookworm: resolved (fixed in 1.0.27-2) bullseye: resolved (fixed in 1.0.27-2) forky: resolved (fixed in 1.0.27-2) sid: resolved (fixed in 1.0.27-2) trixie: r

CVE-2017-7741 [MEDIUM] CVE-2017-7741: libsndfile - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac... In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Scope: local bookworm: resolved (fixed in 1.0.27-2) bullseye: resolved (fixed in 1.0.27-2) forky: resolved (

CVE-2017-7585 [MEDIUM] CVE-2017-7585: libsndfile - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac... In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. Scope: local bookworm: resolved (fixed in 1.0.27-2) bullseye: resolved (fixed in 1.0.27-2) forky: resolved (fixed in 1.0.27-2) sid: resolved (fixed in 1.0.27-2) trixie: resolved (fixed in 1.