%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Project
Branch
Version
2025.02.x
1.2.2
Name
libsndfile
Version
1.2.2
Type
library
Description
-
Licenses
LGPL-2.1+
PURL
-
CPE
cpe:2.3:a:libsndfile_project:libsndfile:1.2.2:-:*:*:*:*:*:*
Other Versions#
Patches#
#
Title
Author
Resolve
1
mat4/mat5: fix int overflow in dataend calculation
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
2
au: avoid int overflow while calculating data_end
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
3
avr: fix int overflow in avr_read_header()
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
4
sds: fix int overflow warning in sample calculations
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
5
aiff: fix int overflow when counting header elements
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
6
ircam: fix int overflow in ircam_read_header()
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
7
mat4/mat5: fix int overflow when calculating blockwidth
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
8
common: fix int overflow in psf_binheader_readf()
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
9
nms_adpcm: fix int overflow in signal estimate
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
10
nms_adpcm: fix int overflow in sf.frames calc
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
11
pcm: fix int overflow in pcm_init()
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
12
rf64: fix int overflow in rf64_read_header()
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
13
ima_adpcm: fix int overflow in ima_reader_init()
Alex Stewart <alex.stewart@ni.com>
CVE-2022-33065
14
src/ogg: better error checking for vorbis. Fixes #1035
Arthur Taylor <art@ified.ca>
CVE-2024-50612
15
ALAC: Include config.h to avoid warnings
Marcel Telka <marcel@telka.sk>
16
Include <stdbool.h> instead of redefining `bool`, `true` and
Fabian Greffrath <fabian@greffrath.com>
Vulnerabilities#
Name
Analysis
Description
Exploitable
An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.
Exploitable
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
Exploitable
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.
Exploitable
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
Patched
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
Patched
Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.