USN-7273-1: libsndfile vulnerabilities

Packages

libsndfile - Library for reading/writing audio files

Details

It was discovered that libsndfile incorrectly handled memory when executing
its FLAC codec. If a user or automated system were tricked into processing
a specially crafted sound file, an attacker could possibly use this issue
to cause a denial of service or obtain sensitive information.
(CVE-2021-4156)

It was discovered that libsndfile incorrectly handled certain malformed
OggVorbis files. An attacker could possibly use this issue to cause
libsndfile to crash, resulting in a denial of service. (CVE-2024-50612)

It was discovered that libsndfile incorrectly handled memory when executing
its FLAC codec. If a user or automated system were tricked into processing
a specially crafted sound file, an attacker could possibly use this issue
to cause a denial of service or obtain sensitive information.
(CVE-2021-4156)

It was discovered that libsndfile incorrectly handled certain malformed
OggVorbis files. An attacker could possibly use this issue to cause
libsndfile to crash, resulting in a denial of service. (CVE-2024-50612)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
22.04 jammy	libsndfile1 – 1.0.31-2ubuntu0.2
22.04 jammy	sndfile-programs – 1.0.31-2ubuntu0.2
20.04 focal	libsndfile1 – 1.0.28-7ubuntu0.3
20.04 focal	sndfile-programs – 1.0.28-7ubuntu0.3
18.04 bionic	libsndfile1 – 1.0.28-4ubuntu0.18.04.2+esm2
18.04 bionic	sndfile-programs – 1.0.28-4ubuntu0.18.04.2+esm2
14.04 trusty	libsndfile1 – 1.0.25-7ubuntu2.2+esm4
14.04 trusty	sndfile-programs – 1.0.25-7ubuntu2.2+esm4

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices