13 matches found
USN-8044-2 alsa-lib vulnerability
USN-8044-1 fixed a vulnerability in alsa-lib. This update provides the corresponding fix for alsa-lib on Ubuntu 20.04 LTS. Original advisory details: It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology fil...
[SECURITY] Fedora 43 Update: SDL2_sound-2.0.5^20260117git1be041b-1.fc43
SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...
[SECURITY] Fedora 43 Update: SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc43
SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...
[SECURITY] Fedora 44 Update: SDL2_sound-2.0.5^20260117git1be041b-1.fc44
SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...
CVE-2026-3394 jarikomppa soloud WAV File soloud_wav.cpp loadwav memory corruption
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloudwav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local...
FreeBSD : fluidsynth -- Use after free when using DLS files (bf854a37-e180-11f0-ac0c-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bf854a37-e180-11f0-ac0c-5404a68ad561 advisory. The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based...
CVE-2025-68617 Use after free in fluidsynth
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...
fluidsynth -- Use after free when using DLS files
The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the unloaded...
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
...
The vulnerability in the “soundlib/Snd_fx.cpp” file of the OpenMPT tracker software and the libopenmpt library for processing modular music allows a hacker to trigger a service failure.
The vulnerability in the “soundlib/Sndfx.cpp” file of the OpenMPT tracker software and the libopenmpt library for processing modular music is related to buffer overflows and reading beyond the maximum memory limit. Exploiting this vulnerability could allow a malicious actor to cause service...
OpenMPT and libopenmpt Out-of-Bounds Read Vulnerability
OpenMPT is an open source audio processing program . libopenmpt is a cross-platform C and C++ based audio playback library . An out-of-bounds read vulnerability exists in the soundlib/Loadstp.cpp file in OpenMPT versions 1.27.04.00 and earlier and libopenmpt versions 0.3.6 and earlier. An attacke...
UBUNTU-CVE-2018-6611
soundlib/Loadstp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file...
UBUNTU-CVE-2014-2427
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound...