libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

Astra Linux - уязвимость в libsndfile

A heap buffer overflow vulnerability in the msadpcmDecodeBlock function of libsndfile 1.0.30 allows attackers to execute arbitrary code through a crafted WAV file...

Unity Linux 20.1060e / 20.1070e Security Update: libsndfile (UTSA-2026-017615)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017615 advisory. A heap buffer overflow vulnerability in msadpcmdecodeblock of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Tenable has...

CLSA-2026-1777540469 taglib: Fix of CVE-2023-47466

CVE-2023-47466: Fix segmentation violation and application crash during tag writing via crafted WAV file...

UBUNTU-CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

CVE-2025-70309

GPAC 2.4.0 is affected by a stack overflow in pcmreframe_flush_packet triggered by a crafted WAV file, per multiple sources (CNVD, RedHat, NVD, OSV, Debian, Ubuntu, and others). The vulnerability stems from insufficient validation of input data length/size in the function, enabling a Denial of Se...

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

EUVD-2022-55929

SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception by providing a specially crafted WAV file that causes arithmetic errors during sound file processing...

CVE-2022-50798

CVE-2022-50798 is associated with SoX 14.4.2 and is described in multiple advisories as a division-by-zero fault when processing WAV files, potentially causing program crashes. Connected docs indicate the vulnerability affects SoX 14.4.2 and provide remediation guidance via package updates (e.g.,...

CVE-2022-50798

Removed by vendor...

编号撤回

SoX is a suite of open source audio processing tools. The product supports playing, converting and recording audio in multiple formats. A numeric error vulnerability exists in SoX version 14.4.2, which originates from a divide-by-zero error when processing a specially crafted WAV file, and may...

Linux Distros Unpatched Vulnerability : CVE-2023-35964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2023-35961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2017-9130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder FAAC 1.28 allows remote attackers to cause a denial of service invalid memory read...

CLSA-2025-1754552791 taglib: Fix of CVE-2023-47466

CVE-2023-47466: Fix segmentation violation and application crash during tag writing via crafted WAV file...

OESA-2025-1638 taglib security update

TagLib is a library for reading and editing the meta-data of several popular audio formats. Currently it supports both ID3v1 and ID3v2 for MP3 files, Ogg Vorbis comments and ID3 tags and Vorbis comments in FLAC, MPC, Speex, WavPack TrueAudio, WAV, AIFF, MP4 and ASF files. Security Fixes: TagLib...

AZL-62441 CVE-2023-47466 affecting package taglib 1.13.1-1

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk...

PT-2026-3060

Name of the Vulnerable Software and Affected Versions GPAC version 2.4.0 Description A stack overflow exists in the pcmreframe flush packet function. This flaw can be triggered by processing a specially crafted WAV file, potentially leading to a Denial of Service DoS. Recommendations At the momen...

PT-2024-25249 · Unknown · Stsaz Phiola

Name of the Vulnerable Software and Affected Versions: stsaz phiola version 2.0-rc22 Description: The issue is related to a Buffer-Overflow vulnerability at conv.c:68, which allows a remote attacker to execute arbitrary code via a crafted .wav file. Recommendations: For version 2.0-rc22, consider...