Astra Linux - уязвимость в alsa-lib

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: alsa-lib: alsa-lib-1.2.15.3-3.1.hum1 aarch64, x8664 alsa-lib-devel-1.2.15.3-3.1.hum1 aarch64, x8664 alsa-topology-1.2.15.3-3.1.hum1 noarch alsa-ucm-1.2.15.3-3.1.hum1 noarch...

OESA-2026-1582 alsa-lib security update

The alsa-lib is a library to interface with ALSA in the Linux kernel and virtual devices using a plugin system. More detail: https://alsa.opensrc.org/Alsa-lib Security Fixes: alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the...

Unity Linux 20.1070e Security Update: alsa-lib (UTSA-2026-006158)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006158 advisory. alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The...

CVE-2026-25068 affecting package alsa-lib for versions less than 1.2.6.1-3

CVE-2026-25068 affecting package alsa-lib for versions less than 1.2.6.1-3. A patched version of the package is available...

Amazon Linux 2023 : alsa-lib, alsa-lib-devel, alsa-topology (ALAS2023-2026-1426)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1426 advisory. alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the...

Medium: alsa-lib

Issue Overview: alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : alsa-lib vulnerability (USN-8044-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8044-1 advisory. It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topolog...

Ubuntu: Security Advisory (USN-8044-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8044-1: alsa-lib vulnerability

It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology file to cause alsa-lib to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8044-1 alsa-lib vulnerability

It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology file to cause alsa-lib to crash, resulting in a denial of service, or possibly execute arbitrary code...

Debian: Security Advisory (DLA-4469-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4469-1] alsa-lib security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4469-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini February 05, 2026 https://wiki.debian.org/LTS -...

Important Photon OS Security Update - PHSA-2026-4.0-0958

Updates of 'alsa-lib' packages of Photon OS have been released...

DLA-4469-1 alsa-lib - security update

Bulletin has no description...

CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

AZL-75773 CVE-2026-25068 affecting package alsa-lib 1.2.9-1

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

UBUNTU-CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the tplgdecodecontrolmixer1 function when the numchannels field from untrusted .tplg data is used as a loop bound without validation against the fixed-size channel array. An attacker can cause...