Two vulnerabilities have been fixed in the audio data read/write library
libsndfile.
CVE-2022-33065
Multiple signed integer overflows in function au_read_header in src/au.c
and in functions mat4_open and mat4_read_header in src/mat4.c in
libsndfile allow an attacker to cause Denial of Service or other
unspecified impacts.
CVE-2024-50612
Out-of-bounds read in ogg_vorbis.c vorbis_analysis_wrote() can cause
memory corruption when parsing a specially crafted input file. This
vulnerability leads to Denial of Service (DoS).
For Debian 11 bullseye, these problems have been fixed in version
1.0.31-2+deb11u1.
We recommend that you upgrade your libsndfile packages.
For the detailed security status of libsndfile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libsndfile
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be