[SECURITY] Fedora 43 Update: SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc43

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

[SECURITY] Fedora 43 Update: SDL2_sound-2.0.5^20260117git1be041b-1.fc43

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

[SECURITY] Fedora 44 Update: SDL2_sound-2.0.5^20260117git1be041b-1.fc44

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

CVE-2026-3394 jarikomppa soloud WAV File soloud_wav.cpp loadwav memory corruption

A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloudwav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local...

FreeBSD : fluidsynth -- Use after free when using DLS files (bf854a37-e180-11f0-ac0c-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bf854a37-e180-11f0-ac0c-5404a68ad561 advisory. The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based...

CVE-2025-68617 Use after free in fluidsynth

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...

fluidsynth -- Use after free when using DLS files

The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the unloaded...

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

...

OpenMPT and libopenmpt Out-of-Bounds Read Vulnerability

OpenMPT is an open source audio processing program . libopenmpt is a cross-platform C and C++ based audio playback library . An out-of-bounds read vulnerability exists in the soundlib/Loadstp.cpp file in OpenMPT versions 1.27.04.00 and earlier and libopenmpt versions 0.3.6 and earlier. An attacke...

UBUNTU-CVE-2018-6611

soundlib/Loadstp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file...

UBUNTU-CVE-2014-2427

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound...