UbuntuUpdates.org

Package "libsndfile1"

Name: libsndfile1

Description:

Library for reading/writing audio files

Latest version: 1.0.28-7ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main
Head package: libsndfile
Homepage: http://www.mega-nerd.com/libsndfile/

Links


Download "libsndfile1"


Other versions of "libsndfile1" in Focal

Repository Area Version
base main 1.0.28-7
updates main 1.0.28-7ubuntu0.2

Changelog

Version: 1.0.28-7ubuntu0.2 2023-11-02 23:07:26 UTC

  libsndfile (1.0.28-7ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
      numeric overflow vulnerabilities.
    - CVE-2022-33065

 -- Fabian Toepfer <email address hidden> Thu, 02 Nov 2023 16:47:21 +0100

Source diff to previous version
CVE-2022-33065 Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile,

Version: 1.0.28-7ubuntu0.1 2021-07-29 03:06:25 UTC

  libsndfile (1.0.28-7ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
    arbitrary code execution via crafted WAV file.
    - debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
      to validate samples per block
    - CVE-2021-3246

 -- Alex Murray <email address hidden> Wed, 28 Jul 2021 10:22:09 +0930

CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.



About   -   Send Feedback to @ubuntu_updates