Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-52194

Опубликовано: 21 авг. 2025
Источник: redhat
CVSS3: 8.2

Описание

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

A flaw was found in the libsndfile library. A buffer overflow can be triggered when a specially crafted IRCAM audio file is processed, specifically when attempting to set the sample rate. This issue can cause a crash to the application linked to the library and result in a denial of service.

Отчет

To exploit this flaw, an attacker needs to be able to process a specially crafted IRCAM audio file with the application linked to the libsndfile library. Additionally, this issue can cause memory corruption, but the most likely impact is an application crash via a SIGILL signal due to an illegal instruction. Due to these reasons, this vulnerability has been rated with a Moderate severity.

Меры по смягчению последствий

Do not process untrusted IRCAM audio files with the libsndfile library.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10libsndfileAffected
Red Hat Enterprise Linux 6libsndfileOut of support scope
Red Hat Enterprise Linux 7libsndfileAffected
Red Hat Enterprise Linux 8libsndfileAffected
Red Hat Enterprise Linux 9libsndfileAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2390103libsndfile: buffer overflow when processing crafted IRCAM audio files

8.2 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-52194

CVSS3: 7.5
ubuntu
18 дней назад

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

nvd логотип

CVE-2025-52194

CVSS3: 7.5
nvd
18 дней назад

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

debian логотип

CVE-2025-52194

CVSS3: 7.5
debian
18 дней назад

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and ...

github логотип

GHSA-3w6g-vv96-4ph6

CVSS3: 7.5
github
18 дней назад

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

8.2 High

CVSS3