Package | libsndfile |
---|---|
Version | 1.0.25-9.1+deb8u8 (jessie), 1.0.27-3+deb9u4 (stretch), 1.0.28-6+deb10u3 (buster) |
Related CVEs | CVE-2022-33065 CVE-2024-50612 |
Several security vulnerabilities have been found in libsndfile, a library for reading/writing audio files.
CVE-2022-33065
Multiple signed integer overflows in the function au_read_header in
src/au.c and in the functions mat4_open and mat4_read_header in
src/mat4.c in libsndfile allow an attacker to cause a denial of service
or other unspecified impacts.
CVE-2024-50612
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote
out-of-bounds read.
For Debian 10 buster, these problems have been fixed in version 1.0.28-6+deb10u3.
For Debian 8 jessie, these problems have been fixed in version 1.0.25-9.1+deb8u8.
For Debian 9 stretch, these problems have been fixed in version 1.0.27-3+deb9u4.
We recommend that you upgrade your libsndfile packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.