Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow
Vulnerability Description
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.
CVSS Information
N/A
Vulnerability Type
对数组索引的验证不恰当
Vulnerability Title
alsa-lib 输入验证错误漏洞
Vulnerability Description
alsa-lib是Advanced Linux Sound Architecture开源的一个ALSA(高级Linux声音架构)用户空间库,它用于简化应用程序编程并提供更高级的功能。 alsa-lib 1.2.15.2及之前版本存在输入验证错误漏洞,该漏洞源于拓扑混合器控制解码器存在堆缓冲区溢出,可能导致越界堆写入和崩溃。
CVSS Information
N/A
Vulnerability Type
N/A