There are 3 open security issues in bookworm.
3 issues left for the package maintainer to handle:
- CVE-2022-33064:
(postponed; to be fixed through a stable update)
An off-by-one error in the function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in an out-of-bounds write, which allows an attacker to execute arbitrary code, cause a denial of service, or have other unspecified impacts.
- CVE-2024-50613:
(postponed; to be fixed through a stable update)
libsndfile through 1.2.2 has a reachable assertion in mpeg_l3_encoder_close (mpeg_l3_encode.c) that may lead to application exit.
- CVE-2025-52194:
(needs triaging)
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.
You can find information about how to handle these issues in the security team's documentation.