Hi,
The following vulnerability was published for libsndfile.
CVE-2026-37555[0]:
| An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The
| AIFF code path (line 241) was fixed with (sf_count_t) cast, but the
| WAV code path (line 235) and close path (line 167) were not. When
| samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit
| multiplication overflows before being assigned to sf.frames
| (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the
| product 2500000000 overflows to -1794967296. This causes incorrect
| frame count leading to heap buffer overflow or denial of service.
| Both values come from the WAV file header and are attacker-
| controlled. This issue was discovered after an incomplete fix for
| CVE-2022-33065.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-37555
https://www.cve.org/CVERecord?id=CVE-2026-37555
[1] https://www.openwall.com/lists/oss-security/2026/04/30/7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
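To make the arithmetic in the advisory concrete, here is an added C example (not libsndfile's own code; the function names and the `sf_count_t` typedef are stand-ins I chose). It reproduces the 32-bit wrap for the header values quoted above, shows the widened multiplication the AIFF path already uses, and adds a check a defender could run on header values to decide whether a file would trip the unfixed path.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for libsndfile's 64-bit sf_count_t. */
typedef int64_t sf_count_t;

/* Models the unfixed WAV/close paths: both operands are 32-bit ints,
 * so the product wraps before it is widened to sf_count_t.  The wrap
 * is performed in unsigned arithmetic here so the demonstration is
 * defined behaviour; a real signed int overflow is undefined in C. */
sf_count_t frames_wrapping(int samplesperblock, int blocks)
{
    uint32_t product = (uint32_t)samplesperblock * (uint32_t)blocks;
    return (sf_count_t)(int32_t)product;   /* 50000 * 50000 -> -1794967296 */
}

/* Models the AIFF path as fixed for CVE-2022-33065: casting one
 * operand first makes the multiplication happen in 64 bits. */
sf_count_t frames_widened(int samplesperblock, int blocks)
{
    return (sf_count_t)samplesperblock * blocks;   /* 2500000000 */
}

/* Header check: returns 1 when samplesperblock * blocks does not fit
 * in a 32-bit int, i.e. when an unpatched build would miscompute
 * sf.frames for this file; 0 otherwise.  Non-positive values are
 * treated as invalid and also rejected. */
int ima_header_overflows_int(int samplesperblock, int blocks)
{
    if (samplesperblock <= 0 || blocks <= 0)
        return 1;
    return (sf_count_t)samplesperblock * blocks > INT_MAX;
}

int main(void)
{
    int spb = 50000, blocks = 50000;   /* constructed values from the advisory */
    printf("wrapping: %lld\n", (long long)frames_wrapping(spb, blocks));
    printf("widened : %lld\n", (long long)frames_widened(spb, blocks));
    printf("header overflows int: %d\n", ima_header_overflows_int(spb, blocks));
    return 0;
}
```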