CVE-2025-52194

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bushido-sec.com/index.php/2025/08/08/libsndfile-buffer-overflow/
https://github.com/libsndfile
https://github.com/libsndfile/libsndfile/issues/1082

Configurations

No configuration.

History

22 Aug 2025, 18:09

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de desbordamiento de búfer en libsndfile versión 1.2.2 y posiblemente versiones anteriores al procesar archivos de audio IRCAM malformados. La vulnerabilidad se produce en la función ircam_read_header en src/ircam.c:164 durante el procesamiento de la frecuencia de muestreo, lo que provoca corrupción de memoria y posible ejecución de código.

21 Aug 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-121
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

21 Aug 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 15:15

Updated : 2025-08-22 18:09

NVD link : CVE-2025-52194

Mitre link : CVE-2025-52194

CVE.ORG link : CVE-2025-52194

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

7.5 /10