Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Ubuntu 24.10 and 24.04 LTS USN-7267-2: libsndfile DoS Fix

ubuntu
Calendar Grey February 25, 2025
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-7278-1 addresses a critical vulnerability in libjpeg-turbo, aimed at mitigating the risk of potential exploitation and ensuring system stability.
libsndfile could be made to crash if it opened a specially crafted file.

Summary

libsndfile could be made to crash if it opened a specially crafted file.

Software Description:

- libsndfile: Library for reading/writing audio files

Details:

USN-7267-1 fixed a vulnerability in libsndfile. This update provides

the corresponding updates for Ubuntu 24.04 LTS and Ubuntu 24.10.

Original advisory details:

 It was discovered that libsndfile incorrectly handled certain malformed

 OggVorbis files. An attacker could possibly use this issue to cause

 libsndfile to crash, resulting in a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libsndfile1                     1.2.2-1ubuntu5.24.10.1
   sndfile-programs                1.2.2-1ubuntu5.24.10.1

Ubuntu 24.04 LTS
   libsndfile1                     1.2.2-1ubuntu5.24.04.1
   sndfile-programs                1.2.2-1ubuntu5.24.04.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7267-2

  https://ubuntu.com/security/notices/USN-7267-1

  CVE-2024-50612

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7267-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here