SUSE CVE-2022-33064

An off-by-one error in function wavreadheader in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts...

SUSE CVE-2019-3832

It was discovered the fix for CVE-2018-19758 libsndfile was not complete and still allows a read beyond the limits of a buffer in wavwriteheader function in wav.c. A local attacker may use this flaw to make the application crash...