CNNVD-202601-4868 Information
CNNVD ID
CNNVD-202601-4868
Related CVE
- CNNVD Published: 2026-01-29
Description (Chinese)
alsa-lib是Advanced Linux Sound Architecture开源的一个ALSA(高级Linux声音架构)用户空间库,它用于简化应用程序编程并提供更高级的功能。 alsa-lib 1.2.15.2及之前版本存在输入验证错误漏洞,该漏洞源于拓扑混合器控制解码器存在堆缓冲区溢出,可能导致越界堆写入和崩溃。
Description (English)
alsa-lib is an ALSA (Advanced Linux Sound Architecture) user space library, which is used to simplify application programming and provide more advanced functionality. Alsa-lib 1.2.15.2 and previous versions had input validation error holes, which stemmed from the proliferation of the amplifier control decodors and the spilling of the buffer zone, which could lead to cross-border pile writing and collapse.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Advanced Linux Sound Architecture
Published
2026-01-29
Last Modified
2026-02-24
References
https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 https://www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-buffer-overflow https://access.redhat.com/security/cve/cve-2026-25068
Patch
https://github.com/alsa-project/alsa-lib
Share on: