- Vulnerability/
- USN-7273-1
USN-7273-1: libsndfile vulnerabilities
First published: Tue Feb 18 2025(Updated: )
It was discovered that libsndfile incorrectly handled memory when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2021-4156) It was discovered that libsndfile incorrectly handled certain malformed OggVorbis files. An attacker could possibly use this issue to cause libsndfile to crash, resulting in a denial of service. (CVE-2024-50612)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libsndfile1 | <1.0.31-2ubuntu0.2 | 1.0.31-2ubuntu0.2 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/sndfile-programs | <1.0.31-2ubuntu0.2 | 1.0.31-2ubuntu0.2 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libsndfile1 | <1.0.28-7ubuntu0.3 | 1.0.28-7ubuntu0.3 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/sndfile-programs | <1.0.28-7ubuntu0.3 | 1.0.28-7ubuntu0.3 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libsndfile1 | <1.0.28-4ubuntu0.18.04.2+esm2 | 1.0.28-4ubuntu0.18.04.2+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/sndfile-programs | <1.0.28-4ubuntu0.18.04.2+esm2 | 1.0.28-4ubuntu0.18.04.2+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libsndfile1 | <1.0.25-7ubuntu2.2+esm4 | 1.0.25-7ubuntu2.2+esm4 |
| Ubuntu | =14.04 | |
| All of | ||
| ubuntu/sndfile-programs | <1.0.25-7ubuntu2.2+esm4 | 1.0.25-7ubuntu2.2+esm4 |
| Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-4156
- https://ubuntu.com/security/CVE-2024-50612
- https://ubuntu.com/security/notices/USN-5409-1
- https://ubuntu.com/security/notices/USN-7267-1
- https://launchpad.net/ubuntu/+source/libsndfile/1.0.31-2ubuntu0.2
- https://launchpad.net/ubuntu/+source/libsndfile/1.0.28-7ubuntu0.3
- https://ubuntu.com/security/notices/USN-7273-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-7273-1?
The severity of USN-7273-1 is categorized as high due to potential denial of service and information leakage risks.
What are the affected versions in USN-7273-1?
USN-7273-1 affects specific versions of libsndfile1 and sndfile-programs across various Ubuntu releases including 22.04, 20.04, 18.04, and 14.04.
How do I fix USN-7273-1?
To fix USN-7273-1, update to the recommended package versions mentioned in the advisory for your Ubuntu release.
What types of issues does USN-7273-1 address?
USN-7273-1 addresses vulnerabilities related to memory handling in the FLAC codec of libsndfile.
Can USN-7273-1 affect automated systems?
Yes, USN-7273-1 can impact automated systems if they process specially crafted sound files, leading to potential denial of service.
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/title
- agent/references
- agent/source
- agent/last-modified-date
- agent/type
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/22.04
- version/ubuntu/20.04
- version/ubuntu/18.04
- version/ubuntu/14.04