SUSE Package Hub - SUSE-PackageHub-16.0-793

Update Info

SUSE-PackageHub-16.0-793

Security update for libsndfile

Type: security

Severity: important

Issued: 2026-05-22

Description:

This update for libsndfile fixes the following issues

- CVE-2025-52194: buffer overflow in the ircam_read_header function of file src/ircam.c when processing malformed IRCAM
  audio files (bsc#1248458).
- CVE-2025-56226: memory leak in the `mpeg_l3_encoder_init()` function of `mpeg_l3_encode.c` (bsc#1256702).
- CVE-2026-37555: IMA-ADPCM integer overflow (bsc#1263695).

Changes for libsndfile:

References

CVE: CVE-2026-37555
CVE: CVE-2025-56226
CVE: CVE-2025-52194
Bugzilla: 1263695 VUL-0: CVE-2026-37555: libsndfile: IMA-ADPCM integer overflow (incomplete fix for )
Bugzilla: 1256702 VUL-0: CVE-2025-56226: libsndfile: memory leak in the `mpeg_l3_encoder_init()` function of `mpeg_l3_encode.c`
Bugzilla: 1248458 VUL-0: CVE-2025-52194: libsndfile: buffer overflow in the ircam_read_header function of file src/ircam.c when processing malformed IRCAM audio files

Packages

libsndfile-1.2.2-160000.4.1

libsndfile-progs-1.2.2-160000.4.1