Alsa Project

alsa-project

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-0035 1Alsa Project 1Alsa Nov 21, 2024 Nov 9, 2019 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.
CVE-2019-13351 2Alsa Project Jackaudio 2Alsa Jack2 Nov 21, 2024 Jul 5, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. E...Show more posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.Show less
CVE-2005-0087 2Alsa Project Redhat 2Alsa Lib Enterprise Linux Apr 16, 2026 Apr 27, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.