UbuntuUpdates.org

Package "libsndfile"

Name: libsndfile

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Library for reading/writing audio files
  • Development files for libsndfile; a library for reading/writing audio files

Latest version: 1.0.28-7ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main

Links



Other versions of "libsndfile" in Focal

Repository Area Version
base universe 1.0.28-7
base main 1.0.28-7
security universe 1.0.28-7ubuntu0.2
updates main 1.0.28-7ubuntu0.2
updates universe 1.0.28-7ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.0.28-7ubuntu0.2 2023-11-02 23:07:26 UTC

  libsndfile (1.0.28-7ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
      numeric overflow vulnerabilities.
    - CVE-2022-33065

 -- Fabian Toepfer <email address hidden> Thu, 02 Nov 2023 16:47:21 +0100

Source diff to previous version
CVE-2022-33065 Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile,

Version: 1.0.28-7ubuntu0.1 2021-07-29 03:06:25 UTC

  libsndfile (1.0.28-7ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
    arbitrary code execution via crafted WAV file.
    - debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
      to validate samples per block
    - CVE-2021-3246

 -- Alex Murray <email address hidden> Wed, 28 Jul 2021 10:22:09 +0930

CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.



About   -   Send Feedback to @ubuntu_updates