CVE-2025-52194

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
libsndfile_projectlibsndfile
𝑥
≤ 1.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsndfile
bullseye
postponed
trixie
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
Common Weakness Enumeration
References
https://bushido-sec.com/index.php/2025/08/08/libsndfile-buffer-overflow/
https://github.com/libsndfile
https://github.com/libsndfile/libsndfile/issues/1082