CVE-2026-37555
Vexday Risk Score
21 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5 · EPSS 0.5% · KEV: no · PoC: n/a · Nuclei: n/a · Metasploit: n/a · Patch referenced
Lifecycle
29 Apr 2026: Published in NVD
Recommendation: Monitor; no exploitation signal for now.
An issue was discovered in the libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with an (sf_count_t) cast, but the WAV code path (line 235) and the close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before the result is assigned to sf.frames (sf_count_t, a 64-bit integer). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. The resulting incorrect frame count leads to a heap buffer overflow or a denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
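The arithmetic described above, as an added example written for this page (it is not libsndfile's code): the unfixed int * int product stored into a 64-bit sf_count_t, the cast-based fix the advisory says the AIFF path received, and a stricter variant that rejects non-positive header values outright. The function names frames_unfixed, frames_cast and frames_checked are hypothetical. Because signed overflow is undefined behaviour in C, the wrap-around of the unfixed path is modelled with unsigned arithmetic so the example runs deterministically and reproduces the value quoted in the description.

```c
#include <stdint.h>
#include <stdio.h>

/* libsndfile's frame-count type is a 64-bit signed integer. */
typedef int64_t sf_count_t;

/* Unfixed WAV path as the advisory describes it: samplesperblock * blocks is
 * evaluated as a 32-bit int product and only then widened to sf_count_t.
 * Signed overflow is UB, so the two's-complement wrap is modelled explicitly
 * (hypothetical helper, not libsndfile code). */
sf_count_t frames_unfixed(int samplesperblock, int blocks)
{
    uint32_t wrapped = (uint32_t)samplesperblock * (uint32_t)blocks; /* mod 2^32 */
    int64_t value = (int64_t)wrapped;
    if (value > INT32_MAX)             /* reinterpret bit pattern as signed int32 */
        value -= 4294967296LL;
    return (sf_count_t)value;
}

/* The cast fix: widen one operand first so the multiplication is 64-bit. */
sf_count_t frames_cast(int samplesperblock, int blocks)
{
    return (sf_count_t)samplesperblock * blocks;
}

/* Stricter: header values are attacker-controlled, so reject anything that
 * cannot describe a valid file. Returns the frame count, or -1 on bad input.
 * Two positive ints multiplied in 64 bits cannot overflow, so no further
 * overflow check is needed. */
sf_count_t frames_checked(int samplesperblock, int blocks)
{
    if (samplesperblock <= 0 || blocks <= 0)
        return -1;
    return (sf_count_t)samplesperblock * (sf_count_t)blocks;
}

int main(void)
{
    /* Attacker-chosen header values from the advisory. */
    int spb = 50000, blocks = 50000;
    printf("unfixed : %lld\n", (long long)frames_unfixed(spb, blocks));
    printf("cast    : %lld\n", (long long)frames_cast(spb, blocks));
    printf("checked : %lld\n", (long long)frames_checked(spb, blocks));
    printf("checked : %lld (blocks=0 rejected)\n",
           (long long)frames_checked(spb, 0));
    return 0;
}
```

The negative value from frames_unfixed is what the description attributes to the incorrect frame count: any downstream allocation or loop bound derived from it is wrong. Widening before multiplying is the minimal fix; validating the header fields additionally closes the zero and negative cases that a cast alone does not address.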
Affected products
n/a · n/a
References
https://access.redhat.com/errata/RHSA-2026:19559
https://access.redhat.com/errata/RHSA-2026:19560
https://access.redhat.com/errata/RHSA-2026:19610
https://access.redhat.com/errata/RHSA-2026:23221
https://access.redhat.com/errata/RHSA-2026:23222
https://access.redhat.com/errata/RHSA-2026:23223
https://access.redhat.com/errata/RHSA-2026:25092
https://access.redhat.com/errata/RHSA-2026:25197
https://access.redhat.com/errata/RHSA-2026:25198
https://access.redhat.com/errata/RHSA-2026:25227
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087