汇总 libsndfile_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 缓冲区溢出与内存损坏,在 生产负载与软件部署 使用场景中可能带来 应用崩溃与内存损坏 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-37555 | An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overf | [email protected] | 7.5 | 0.50% | 2026-04-29 | 2026-06-29 |
| CVE-2025-56226 | Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. | [email protected] | 5.3 | 0.31% | 2026-01-14 | 2026-06-17 |
| CVE-2025-52194 | A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution. | [email protected] | 7.5 | 0.58% | 2025-08-21 | 2026-06-17 |
| CVE-2024-50613 | libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close. | [email protected] | 6.5 | 0.51% | 2024-10-27 | 2026-06-17 |
| CVE-2024-50612 | libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. | [email protected] | 5.5 | 0.31% | 2024-10-27 | 2026-06-17 |
| CVE-2022-33065 | Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. | [email protected] | 7.8 | 0.37% | 2023-07-18 | 2026-06-17 |
| CVE-2022-33064 | An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts. | [email protected] | 7.8 | 0.31% | 2023-07-18 | 2026-06-17 |
| CVE-2021-4156 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | [email protected] | 7.1 | 1.75% | 2022-03-23 | 2026-06-17 |
| CVE-2021-3246 | A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | [email protected] | 8.8 | 3.30% | 2021-07-20 | 2026-06-17 |
| CVE-2019-3832 | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. | [email protected] | 5.5 | 0.51% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19758 | There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | [email protected] | 6.5 | 1.69% | 2018-11-29 | 2026-06-16 |
| CVE-2018-19662 | An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. | [email protected] | 8.1 | 2.32% | 2018-11-29 | 2026-06-16 |
| CVE-2018-19661 | An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. | [email protected] | 6.5 | 2.11% | 2018-11-29 | 2026-06-16 |
| CVE-2018-19432 | An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | [email protected] | 6.5 | 2.96% | 2018-11-22 | 2026-06-16 |
| CVE-2018-13419 | An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue | [email protected] | 6.5 | 1.27% | 2018-07-07 | 2026-06-16 |
| CVE-2018-13139 | A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. | [email protected] | 8.8 | 3.57% | 2018-07-04 | 2026-06-16 |
| CVE-2017-16942 | In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. | [email protected] | 6.5 | 1.23% | 2017-11-25 | 2026-06-16 |
| CVE-2017-14246 | An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | [email protected] | 8.1 | 2.23% | 2017-09-21 | 2026-06-16 |
| CVE-2017-14245 | An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | [email protected] | 8.1 | 2.04% | 2017-09-21 | 2026-06-16 |
| CVE-2017-14634 | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | [email protected] | 6.5 | 2.08% | 2017-09-21 | 2026-06-16 |