MGASA-2026-0215

Source
https://advisories.mageia.org/MGASA-2026-0215.html
Import Source
https://advisories.mageia.org/MGASA-2026-0215.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2026-0215
Published
2026-06-16T04:58:51Z
Modified
2026-06-16T05:00:04.928640876Z
Summary
Updated libsndfile packages fix security vulnerabilities
Details

CVE-2025-52194: A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

CVE-2025-56226: Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.

CVE-2026-37555: An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.
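The arithmetic behind CVE-2026-37555, as an added example that is not libsndfile's code: it contrasts a product formed in 32 bits with one widened before multiplying, then adds a header check. The function names and the `max_frames` limit are assumptions made for illustration, and the 32-bit wrap is modelled with unsigned arithmetic because signed overflow is undefined behaviour in C.

```c
#include <stdint.h>
#include <stdio.h>

/* Frame count when the product is formed in 32 bits and only then widened,
   as the advisory describes for the unfixed paths. The low 32 bits are
   computed with unsigned arithmetic and reinterpreted as a signed value. */
int64_t frames_32bit_product(int samplesperblock, int blocks)
{
    uint32_t low = (uint32_t)samplesperblock * (uint32_t)blocks;
    if (low > (uint32_t)INT32_MAX)
        return (int64_t)low - 4294967296LL;   /* two's-complement wrap */
    return (int64_t)low;
}

/* Same computation with one operand widened first, so the multiplication
   itself is carried out in 64 bits (the cast the advisory mentions). */
int64_t frames_widened(int samplesperblock, int blocks)
{
    return (int64_t)samplesperblock * blocks;
}

/* Header validation before the count is used: both fields come from the
   file, so reject non-positive values and any count above a caller-chosen
   limit (max_frames is a hypothetical policy bound, e.g. derived from the
   size of the data chunk). Returns 0 on success, -1 on rejection. */
int frames_checked(int samplesperblock, int blocks,
                   int64_t max_frames, int64_t *out)
{
    if (samplesperblock <= 0 || blocks <= 0)
        return -1;
    int64_t frames = (int64_t)samplesperblock * blocks;
    if (frames > max_frames)
        return -1;
    *out = frames;
    return 0;
}

int main(void)
{
    /* Constructed header values taken from the advisory text. */
    int spb = 50000, blocks = 50000;
    printf("32-bit product: %lld\n", (long long)frames_32bit_product(spb, blocks));
    printf("widened:        %lld\n", (long long)frames_widened(spb, blocks));
    return 0;
}
```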


Affected packages

Mageia:9 / libsndfile

Package

Name
libsndfile
Purl
pkg:rpm/mageia/libsndfile?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.0-3.3.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0215.json"