Astra Linux – Vulnerability in speex

A vulnerability involving division by zero in the static int readsamples function of Speex v1.2 allows attackers to cause a Denial-of-Service attack through a specially crafted WAV file...

libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

Astra Linux - уязвимость в libsndfile

A heap buffer overflow vulnerability in the msadpcmDecodeBlock function of libsndfile 1.0.30 allows attackers to execute arbitrary code through a crafted WAV file...

Unity Linux 20.1060e / 20.1070e Security Update: libsndfile (UTSA-2026-017615)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017615 advisory. A heap buffer overflow vulnerability in msadpcmdecodeblock of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Tenable has...

CLSA-2026-1777540469 taglib: Fix of CVE-2023-47466

CVE-2023-47466: Fix segmentation violation and application crash during tag writing via crafted WAV file...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WAV file processing path when the multiplication of samplesperblock and blocks exceeds the maximum value for a 32-bit integer, resulting in an integer overflow before assignment to a 64-bit variable...

PT-2026-35949

Name of the Vulnerable Software and Affected Versions libsndfile version 1.2.2 Description An integer overflow exists in the IMA ADPCM codec within the WAV and close code paths. When the product of samplesperblock and blocks exceeds the maximum value of a 32-bit signed integer INT MAX, a...

DEBIAN-CVE-2026-20777

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2026-3393

A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloudwav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be...

PT-2026-22516

A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local...

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

UBUNTU-CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

CVE-2025-70309

GPAC 2.4.0 is affected by a stack overflow in pcmreframe_flush_packet triggered by a crafted WAV file, per multiple sources (CNVD, RedHat, NVD, OSV, Debian, Ubuntu, and others). The vulnerability stems from insufficient validation of input data length/size in the function, enabling a Denial of Se...

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted WAV file...

EUVD-2022-55929

SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception by providing a specially crafted WAV file that causes arithmetic errors during sound file processing...

CVE-2022-50798

Rejected reason: This candidate is a duplicate of CVE-2017-11359...

CVE-2022-50798

CVE-2022-50798 is associated with SoX 14.4.2 and is described in multiple advisories as a division-by-zero fault when processing WAV files, potentially causing program crashes. Connected docs indicate the vulnerability affects SoX 14.4.2 and provide remediation guidance via package updates (e.g.,...

CVE-2022-50798

Removed by vendor...