UbuntuUpdates.org

Package "libsndfile"

Name: libsndfile

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Library for reading/writing audio files
  • Development files for libsndfile; a library for reading/writing audio files

Latest version: 1.0.28-7ubuntu0.3
Release: focal (20.04)
Level: updates
Repository: main


Other versions of "libsndfile" in Focal

Repository  Area      Version
base        universe  1.0.28-7
base        main      1.0.28-7
security    main      1.0.28-7ubuntu0.3
security    universe  1.0.28-7ubuntu0.3
updates     universe  1.0.28-7ubuntu0.3


Changelog

Version: 1.0.28-7ubuntu0.3 2025-02-19 01:06:50 UTC

  libsndfile (1.0.28-7ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2021-4156.patch: addresses improper buffer reusing
    - CVE-2021-4156
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-50612.patch: adds better error checking for
      vorbis.
    - CVE-2024-50612

 -- Ian Constantin <email address hidden> Wed, 12 Feb 2025 23:53:34 +0200

CVE-2021-4156 An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricki
CVE-2024-50612 libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.

Version: 1.0.28-7ubuntu0.2 2023-11-03 00:08:42 UTC

  libsndfile (1.0.28-7ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
      numeric overflow vulnerabilities.
    - CVE-2022-33065

 -- Fabian Toepfer <email address hidden> Thu, 02 Nov 2023 16:47:21 +0100

CVE-2022-33065 Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile,

Version: 1.0.28-7ubuntu0.1 2021-07-29 03:06:26 UTC

  libsndfile (1.0.28-7ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
    arbitrary code execution via crafted WAV file.
    - debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
      to validate samples per block
    - CVE-2021-3246

 -- Alex Murray <email address hidden> Wed, 28 Jul 2021 10:22:09 +0930

CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.


