Approved changes feed: RSS · Atom
cpe:2.3:a:alsa_project:alsa-lib:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Alsa Project (d65b07fa-8fbb-5f5d-a9ab-8292dc0c35ae) |
|---|---|
| Product | Alsa Lib (08a7d1ec-fa17-5d75-92c2-a740bdf81c73) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-25068 |
vulnerable | 2026-06-08 07:53:18.913149 |
alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.
Published: 2026-01-29T19:08:03.986Z
Updated: 2026-05-25T23:41:42.812Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.