|
|
Log in / Subscribe / Register

Ubuntu alert USN-7267-2 (libsndfile)



From:
              Ian Constantin <ian.constantin@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7267-2] libsndfile vulnerability


Date:
              Tue, 25 Feb 2025 15:40:39 +0200


Message-ID:
              <65b75b0a-4605-402f-9ebc-19d500ed677a@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7267-2
February 25, 2025

libsndfile vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

libsndfile could be made to crash if it opened a specially crafted file.

Software Description:
- libsndfile: Library for reading/writing audio files

Details:

USN-7267-1 fixed a vulnerability in libsndfile. This update provides
the corresponding updates for Ubuntu 24.04 LTS and Ubuntu 24.10.

Original advisory details:

  It was discovered that libsndfile incorrectly handled certain malformed
  OggVorbis files. An attacker could possibly use this issue to cause
  libsndfile to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libsndfile1                     1.2.2-1ubuntu5.24.10.1
   sndfile-programs                1.2.2-1ubuntu5.24.10.1

Ubuntu 24.04 LTS
   libsndfile1                     1.2.2-1ubuntu5.24.04.1
   sndfile-programs                1.2.2-1ubuntu5.24.04.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7267-2
   https://ubuntu.com/security/notices/USN-7267-1
   CVE-2024-50612

Package Information:
https://launchpad.net/ubuntu/+source/libsndfile/1.2.2-1ub...
https://launchpad.net/ubuntu/+source/libsndfile/1.2.2-1ub...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAme9yFcFAwAAAAAACgkQa1+PL+d1/Eje
UgwAp/iBIQTX+GCMkPxGWAbSeUEw1O5YxVEL9tFVHmlIeIi0DiW0vhpyOTGmoF2j18gW9gEwRvP4
En/y2gu8ft1XXJ9cQX9icNS9Phay9/vZa9ohCFVQBGX9CrYK2VsatBb3G2Rfdr+4T6qSsqqwNLlU
1VGgeyNC0g5lizRwo/+1jENpSmRoohwsjTyhWQfksfoiEy406pTkurC5nVZgZSvwlOZmu/2CdsnB
Std5yRgx/x6bH4c0DT5NS7DT85xdOhrzKC2POCLjrKIrNGKq24lVLR4XCGiJJrC01mO4g12oundj
WkEAlPQi6yQYytPd5gwcj5gqtScDaknPGyieRf+6djt0V4Re7Nf/XQINls98wxjUgQ5P60Q7JJH8
58o81PNr6TBbzBdlvc9TeFD2MQ7oqQ4MCjF8XGTGk/vb5uZuhVJTYDZSE+pd2qRUAbAjOsMmiLMC
yc8D8zmvhGq4H96t+iaSeyduagZslDmEmolJ/AFyZjDH2NndEKgfNSudFGx0
=yKha
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds