Language:

Information about definition

Identificator: INFSA-2024:11192

Type: security

Release date: 2025-07-07 18:21:20 UTC

Information about package

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV.

Vulnerabilities description

CVE-2024-50612
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.

Severity level

CVE	Score CVSS 2.0	Score CVSS 3.x	Score CVSS 4.0
NIST — CVE-2024-50612	no information	5.5	no information

Critical, important, moderate, low

Updated packages

INFSA-2024:11192: libsndfile security update