Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: 2025-34421311f4 critical: libxmp buffer overflow

fedora
Calendar Grey May 13, 2025
Dist Fedora Esm H88
Fedora 40 rolls out an upgrade for libxmp, addressing a severe stack-based buffer overflow vulnerability found in the Pha Packer loader, thereby enhancing system security.
Fixes CVE-2025-47256 .

Summary

Libxmp is a library that renders module files to PCM data. It supports

over 90 mainstream and obscure module formats including Protracker (MOD),

Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).

Many compressed module formats are supported, including popular Unix, DOS,

and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

Update Information:

Fixes CVE-2025-47256 .

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora CVE fix libxmp module playback

Change Log

* Wed May 7 2025 Michael Schwendt - 4.6.2-3 - Fix array subscript underflow in Pha Packer loader (CVE-2025-47256). * Wed May 7 2025 Michael Schwendt - 4.6.2-2 - own cmake libxmp dir

References


[ 1 ] Bug #2364611 - CVE-2025-47256 libxmp: stack-based buffer overflow via a malformed Pha format tracker module [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2364611

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-34421311f4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libxmp
Product: Fedora 40
Version: 4.6.2
Release: 3.fc40
URL:
Summary: A multi-format module playback library

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora CVE fix libxmp module playback

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here