CVE-2025-56226

A flaw was found in the libsndfile library. This issue occurs when encoding MP3 files. During initialization, when an unsupported sample rate is detected, encoding resources are not released within the error-handling path due to an incomplete initialization, impacting system performance and...

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

...

Linux Distros Unpatched Vulnerability : CVE-2017-15266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTORwavextractmethod in wavextractor.c via a zero sample rate. CVE-2017-15266 Note that Nessus relies...

CVE-2025-52194

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...

CVE-2025-52194

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...

AZL-66671 CVE-2025-52194 affecting package libsndfile 1.2.2-4

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...

CVE-2025-52194

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...

CVE-2025-52194

CVE-2025-52194 affects libsndfile (v1.2.2 and potentially earlier) with a buffer overflow in ircam_read_header (src/ircam.c:164) during IRCAM audio file sample-rate processing. This causes memory corruption and can lead to code execution. Connected sources corroborate the same vulnerability descr...

Security update for ffmpeg

This update for ffmpeg fixes the following issues: CVE-2025-22921: Clear array length when freeing it. bsc1237382 CVE-2025-0518: Fix memory data leak when use sscanf. bsc1236007 CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate = 0. bsc1237371 CVE-2024-12361: Add check f...

SUSE-SU-2025:1450-1 Security update for ffmpeg

This update for ffmpeg fixes the following issues: - CVE-2025-22921: Clear array length when freeing it. bsc1237382 - CVE-2025-0518: Fix memory data leak when use sscanf. bsc1236007 - CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate = 0. bsc1237371 - CVE-2024-12361: Add...

PT-2025-12191 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm version 1d9452da2b92 Description: A denial of service issue arises when uploading an audio file with a very low sample rate, causing the site instance to crash. This occurs due to the localWhisper implementation,...

anything-llm 资源管理错误漏洞

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A resource management error vulnerability exists in anything-llm, which stems from the fact that uploading low-sample-rate audio files may cause a site instance to crash...

[SECURITY] Fedora 41 Update: SDL2_sound-2.0.4-1.fc41

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

Ubuntu 18.04 LTS : WavPack vulnerability (USN-3960-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3960-1 advisory. It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service. Tenable has extracte...

SUSE CVE-2012-1107

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted sampleRate in an ape file, which triggers a divide-by-zero error...

SUSE CVE-2014-1542

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate...

SUSE CVE-2015-9099

The lameinitparams function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service invalid read and application crash via a crafted audio file with a negative sample rate...

SUSE CVE-2017-18255

The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation...

SUSE CVE-2018-19840

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

SUSE CVE-2019-11498

WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...