Andrea Fioraldi

**Name of the Vulnerable Software and Affected Versions** libsndfile version 1.0.30 **Description** The issue is caused by a heap buffer overflow in the `msadpcm decode block` function of the libsndfile library. This can be exploited by a remote attacker using a specially crafted WAV file, potentially allowing the execution of arbitrary code. **Recommendations** For libsndfile version 1.0.30, consider updating to a newer version that addresses the heap buffer overflow vulnerability in the `msadpcm decode block` function. As a temporary workaround, restrict the use of the `msadpcm decode block` function when processing untrusted WAV files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libMirage version 3.2.2 **Description** The issue is a NULL pointer dereference in the NRG parser, located in parser.c. **Recommendations** For libMirage version 3.2.2, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libMirage version 3.2.2 **Description** The issue is related to a heap-based buffer overflow in the CSO filter of libMirage, which can be triggered by a local Linux user due to the lack of validation of the part size. This can potentially lead to root access. **Recommendations** For libMirage version 3.2.2, consider updating to a newer version that addresses this issue, as the current version does not validate the part size, leading to a potential heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.