An issue was discovered in the IMA ADPCM codec of libsndfile 1.2.2. The AIFF code path (line 241) was fixed with an (sf_count_t) cast, but the WAV code path (line 235) and the close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before the result is assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes an incorrect frame count, leading to a heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.
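The difference between the unfixed and fixed multiplication described above, as an added example that is not libsndfile's code. `frames_t`, `frames_narrow`, `frames_widened` and `frames_checked` are hypothetical names, and a 32-bit `int` is assumed.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t frames_t; /* stand-in for libsndfile's sf_count_t (assumption) */

/* Unfixed pattern: the product is formed in 32 bits and only then widened.
 * Signed overflow is undefined behaviour in C, so the wrap is modelled here
 * with unsigned arithmetic and reinterpreted as two's complement. */
frames_t frames_narrow(int samplesperblock, int blocks)
{
    uint32_t wrapped = (uint32_t) samplesperblock * (uint32_t) blocks;
    frames_t v = (frames_t) wrapped;
    if (v > INT32_MAX)
        v -= 4294967296LL; /* subtract 2^32 */
    return v;
}

/* Fixed pattern: cast one operand first so the multiply happens in 64 bits. */
frames_t frames_widened(int samplesperblock, int blocks)
{
    return (frames_t) samplesperblock * blocks;
}

/* Hypothetical defensive wrapper: reject header values that cannot describe
 * a real file before computing the frame count. Returns 0 on success. */
int frames_checked(int samplesperblock, int blocks, frames_t *out)
{
    if (samplesperblock <= 0 || blocks < 0)
        return -1;
    *out = frames_widened(samplesperblock, blocks);
    return 0;
}

int main(void)
{
    frames_t f = 0;
    printf("narrow : %lld\n", (long long) frames_narrow(50000, 50000));
    printf("widened: %lld\n", (long long) frames_widened(50000, 50000));
    printf("checked(-1, 50000) -> %d\n", frames_checked(-1, 50000, &f));
    return 0;
}
```

Because the product of two 32-bit values always fits in 64 bits, the cast alone removes the overflow; the range check only rejects header values that are invalid to begin with.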
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 10
Via RHSA-2026:19560 https://access.redhat.com/errata/RHSA-2026:19560

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2026:19559 https://access.redhat.com/errata/RHSA-2026:19559

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2026:19610 https://access.redhat.com/errata/RHSA-2026:19610

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Via RHSA-2026:23221 https://access.redhat.com/errata/RHSA-2026:23221

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions
Via RHSA-2026:23222 https://access.redhat.com/errata/RHSA-2026:23222

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.6 Extended Update Support
Via RHSA-2026:23223 https://access.redhat.com/errata/RHSA-2026:23223

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 10.0 Extended Update Support
Via RHSA-2026:25092 https://access.redhat.com/errata/RHSA-2026:25092

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Via RHSA-2026:25197 https://access.redhat.com/errata/RHSA-2026:25197

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Via RHSA-2026:25198 https://access.redhat.com/errata/RHSA-2026:25198

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Via RHSA-2026:25227 https://access.redhat.com/errata/RHSA-2026:25227