Primary

Context

libsndfile Buffer Overflow Vulnerability in IRCAM File Processing

Vulnerability

A buffer overflow vulnerability has been identified in libsndfile versions through 1.2.2, when handling malformed IRCAM audio files. The issue arises in the 'ircam_read_header' function, specifically during sample rate processing, leading to memory corruption and potential code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, leading to memory corruption and the possibility of arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling libsndfile with AddressSanitizer (ASAN) instrumentation, and then running the library with a specially crafted IRCAM file that triggers the buffer overflow. The 'ircam_read_header' function will crash with an illegal instruction error, indicating the memory corruption caused by the malformed file.

Added: Aug 21, 2025, 3:27 PM

Updated: Aug 21, 2025, 3:27 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libsndfile Buffer Overflow Vulnerability in IRCAM File Processing

Vulnerability

Impact

Reproduction

Affected Products

libsndfile

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating