Bug#1111876: libsndfile: CVE-2025-52194

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1111876: libsndfile: CVE-2025-52194
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 23 Aug 2025 10:21:58 +0200
Message-id: <[🔎] 175593731895.3135635.8529576910405767127.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1111876@bugs.debian.org

Source: libsndfile
Version: 1.2.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/libsndfile/libsndfile/issues/1082
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libsndfile.

CVE-2025-52194[0]:
| A buffer overflow vulnerability exists in libsndfile version 1.2.2
| and potentially earlier versions when processing malformed IRCAM
| audio files. The vulnerability occurs in the ircam_read_header
| function at src/ircam.c:164 during sample rate processing, leading
| to memory corruption and potential code execution.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-52194
    https://www.cve.org/CVERecord?id=CVE-2025-52194
[1] https://github.com/libsndfile/libsndfile/issues/1082

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: zynaddsubfx is marked for autoremoval from testing
Next by Date: Processing of a2jmidid_9-4_source.changes
Previous by thread: zynaddsubfx is marked for autoremoval from testing
Next by thread: Processing of a2jmidid_9-4_source.changes
Index(es):
- Date
- Thread