The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.
Metrics
Affected Vendors & Products
References
History
Tue, 14 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:alsa-project:alsa-lib:*:*:*:*:*:*:*:* |
Mon, 22 Jun 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Alsa-project
Alsa-project alsa-lib |
|
| Vendors & Products |
Alsa-project
Alsa-project alsa-lib |
Mon, 22 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 22 Jun 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read. | |
| Title | ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c | |
| Weaknesses | CWE-415 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-06-22T15:58:42.404Z
Updated: 2026-07-14T21:34:01.247Z
Reserved: 2026-06-18T19:15:10.650Z
Link: CVE-2026-56109
Updated: 2026-06-22T17:29:18.270Z
No data.
No data.