Alsa Lib
Monthly
Memory corruption in the Advanced Linux Sound Architecture (ALSA) user-space library (alsa-lib) before 1.2.16.1 allows local attackers to crash audio-dependent processes by feeding maliciously crafted configuration text to parse_def() in src/conf.c. The flaw is a double-free reachable through nested compound or array config blocks, leading to a NULL-pointer write or invalid read; publicly available exploit code exists (reported by VulnCheck), but the issue is not on the CISA KEV list.
Memory corruption in the Advanced Linux Sound Architecture (ALSA) user-space library (alsa-lib) before 1.2.16.1 allows local attackers to crash audio-dependent processes by feeding maliciously crafted configuration text to parse_def() in src/conf.c. The flaw is a double-free reachable through nested compound or array config blocks, leading to a NULL-pointer write or invalid read; publicly available exploit code exists (reported by VulnCheck), but the issue is not on the CISA KEV list.