CVE-2024-50612

Name
CVE-2024-50612
Description
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/libsndfile/libsndfile/issues/1035

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:libsndfile_project:libsndfile:-:*:*:*:*:*:*:* libsndfile >= 0 <= 1.2.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libsndfile edge-main 1.2.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libsndfile 3.20-main 1.2.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libsndfile 3.19-main 1.2.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libsndfile 3.18-main 1.2.0-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libsndfile 3.17-main 1.1.0-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable