A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Upstream Reference: https://github.com/libsndfile/libsndfile/issues/687
Created libsndfile tracking bugs for this issue: Affects: fedora-all [bug 1984320]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3253 https://access.redhat.com/errata/RHSA-2021:3253
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3246
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3297 https://access.redhat.com/errata/RHSA-2021:3297
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3298 https://access.redhat.com/errata/RHSA-2021:3298
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3295 https://access.redhat.com/errata/RHSA-2021:3295