Oracle Linux: CVE-2024-50612: ELSA-2024-11192: libsndfile security update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2024-50612: ELSA-2024-11192:libsndfile security update (MODERATE) (Multiple Advisories)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

10/27/2024

Created

12/20/2024

Added

12/18/2024

Modified

12/26/2024

Description

libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. A flaw was found in the libsndfile package. A specially crafted input file may trigger an out-of-bounds read, leading to memory corruption and a denial of service.

Solution(s)

• oracle-linux-upgrade-libsndfile
• oracle-linux-upgrade-libsndfile-devel
• oracle-linux-upgrade-libsndfile-utils

References

• https://attackerkb.com/topics/cve-2024-50612
• CVE - 2024-50612
• ELSA-2024-11192
• ELSA-2024-11237