Approved changes feed: RSS · Atom
cpe:2.3:a:alsa-project:alsa:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Alsa Project (d432708d-e20b-5a45-b172-5b1ab54545de) |
|---|---|
| Product | Alsa (e2cc3b9e-66ca-53fb-a172-322a37b93670) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-13351 |
vulnerable | 2026-06-08 05:12:42.158004 |
Details available
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
Published: 2019-07-05T19:20:39.000Z
Updated: 2024-08-04T23:49:24.816Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-0035 |
vulnerable | 2026-06-08 04:51:07.146311 |
Details available
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.
Published: 2019-11-09T02:02:21.000Z
Updated: 2024-08-07T04:17:10.368Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.