Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: alsa-lib

Found 2 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-56109
7.0 HIGH
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): None (N)
  • Vulnerable System Impact Integrity (VI): Low (L)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): None (N)
  • Modified Vulnerable System Impact Integrity (MVI): Low (L)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
updated 13 hours ago by @LeSuisse Activity log
  • Created suggestion 17 hours ago
  • @LeSuisse accepted 13 hours ago
  • @LeSuisse published on GitHub 13 hours ago
ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c

The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.

References

Affected products

alsa-lib
  • <1.2.16.1

Matching in nixpkgs

Published
Permalink CVE-2026-25068
updated 4 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 months, 3 weeks ago
  • @LeSuisse ignored
    3 packages
    • tests.pkg-config.defaultPkgConfigPackages.alsa
    • tests.pkg-config.defaultPkgConfigPackages.alsa-topology
    • alsa-lib-with-plugins
    4 months, 2 weeks ago
  • @LeSuisse accepted 4 months, 2 weeks ago
  • @LeSuisse published on GitHub 4 months, 2 weeks ago
alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.

Affected products

alsa-lib
  • ==commit 5f7fe33
  • <1.2.15.2

Matching in nixpkgs

pkgs.alsa-lib

ALSA, the Advanced Linux Sound Architecture libraries

Ignored packages (3) 
Upstream patch: https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40