CLSA-2026:1780515309

[CLSA-2026:1780515309] libsndfile: Fix of CVE-2026-37555

Type:

security

Severity:

Important

Release date:

2026-06-03 19:35:22 UTC

Description:

- CVE-2026-37555: fix integer overflow in src/ima_adpcm.c when computing
  sf.frames from samplesperblock * blocks; pre-cast samplesperblock to
  sf_count_t before the multiplication so a crafted WAV/AIFF audio file
  cannot trigger a heap buffer overflow (lifted verbatim from upstream
  libsndfile 0e1d2664 / RH RHEL-174543)

CVEs fixed:

CVE-2026-37555

Updated packages:

libsndfile-1.0.31-9.el9_6.tuxcare.els1.i686.rpm
sha:2eaf9e576244389c0374b37a3d17fd67834efd01dbd440526ff849788c2af842
libsndfile-1.0.31-9.el9_6.tuxcare.els1.x86_64.rpm
sha:be233ea5d3e18e15e7619b40b204ee0371c8e2157f5d183d3d899cf7b1283f33
libsndfile-devel-1.0.31-9.el9_6.tuxcare.els1.i686.rpm
sha:f082e9a8839c02167df86137405d9a5d1005b8e56fd1e144a6ea44f884325da2
libsndfile-devel-1.0.31-9.el9_6.tuxcare.els1.x86_64.rpm
sha:2de403c11156e62f6bb9be561806921715f20954fab12e33e3f87c7e6403f1ff
libsndfile-utils-1.0.31-9.el9_6.tuxcare.els1.x86_64.rpm
sha:784c850394925ac29bf619bb0ede43939036a1c64b61d6420f1c783a39876a8d

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.