CVE-2026-37555

Published: Apr 29, 2026 Last Modified: Mag 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0003
Percentile
0,1th
Updated

Single Data Point

Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.

190

Integer Overflow or Wraparound

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism Alter Execution Logic Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages: C, Not Language-Specific
Likelihood of Exploit: Medium
View CWE Details
Application

Libsndfile by Libsndfile Project

Product Information
Vendor Libsndfile Project
Product Libsndfile
Version 1.2.2
cpe:2.3:a:libsndfile_project:libsndfile:1.2.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/libsndfile/libsndfile/issues/833
https://github.com/libsndfile/libsndfile/issues/833
https://gist.github.com/sgInnora/a5f5c19e4bf6f4fb74fab7b0ef…
https://gist.github.com/sgInnora/a5f5c19e4bf6f4fb74fab7b0ef2bfcc1
https://github.com/libsndfile/libsndfile/commit/9a829113c88…
https://github.com/libsndfile/libsndfile/commit/9a829113c88a51e57c1e46473e90609…
https://github.com/libsndfile/libsndfile/issues/833
https://github.com/libsndfile/libsndfile/issues/833