USN-5409-1: libsndfile vulnerability
10 May 2022
libsndfile could be made to crash or expose sensitive information if it received specially crafted input.
- libsndfile - Library for reading/writing audio files
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
The problem can be corrected by updating your system to the following package versions:
- libsndfile1 - 1.0.25-10ubuntu0.16.04.3+esm2
- libsndfile1-dev - 1.0.25-10ubuntu0.16.04.3+esm2
- sndfile-programs - 1.0.25-10ubuntu0.16.04.3+esm2
In general, a standard system update will make all the necessary changes.