Skip to main content

Alsa Lib

1 CVEs product

Monthly

CVE-2026-56109 HIGH POC PATCH This Week

Memory corruption in the Advanced Linux Sound Architecture (ALSA) user-space library (alsa-lib) before 1.2.16.1 allows local attackers to crash audio-dependent processes by feeding maliciously crafted configuration text to parse_def() in src/conf.c. The flaw is a double-free reachable through nested compound or array config blocks, leading to a NULL-pointer write or invalid read; publicly available exploit code exists (reported by VulnCheck), but the issue is not on the CISA KEV list.

Information Disclosure Suse Alsa Lib
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

Memory corruption in the Advanced Linux Sound Architecture (ALSA) user-space library (alsa-lib) before 1.2.16.1 allows local attackers to crash audio-dependent processes by feeding maliciously crafted configuration text to parse_def() in src/conf.c. The flaw is a double-free reachable through nested compound or array config blocks, leading to a NULL-pointer write or invalid read; publicly available exploit code exists (reported by VulnCheck), but the issue is not on the CISA KEV list.

Information Disclosure Suse Alsa Lib
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy