From: Peter Marko <[email protected]> Pick patches from both PRs linked in issue mentioned in NVD report.
Signed-off-by: Peter Marko <[email protected]>
---
.../libsndfile1/CVE-2025-56226-01.patch | 36 ++++++++++++++++
.../libsndfile1/CVE-2025-56226-02.patch | 43 +++++++++++++++++++
.../libsndfile/libsndfile1_1.2.2.bb | 2 +
3 files changed, 81 insertions(+)
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
new file mode 100644
index 00000000000..e6e2bc12dd9
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
@@ -0,0 +1,36 @@
+From d9a35ea0d5c64c19dd635ae578e0028df8f66d6a Mon Sep 17 00:00:00 2001
+From: Sisyphus-wang <[email protected]>
+Date: Fri, 11 Jul 2025 15:14:48 +0800
+Subject: [PATCH] Update mpeg_l3_encode.c
+
+fix memoryLeak bug
+
+CVE: CVE-2025-56226
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/d9a35ea0d5c64c19dd635ae578e0028df8f66d6a]
+Signed-off-by: Peter Marko <[email protected]>
+---
+ src/mpeg_l3_encode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/mpeg_l3_encode.c b/src/mpeg_l3_encode.c
+index 97324f79..04b1d501 100644
+--- a/src/mpeg_l3_encode.c
++++ b/src/mpeg_l3_encode.c
+@@ -87,7 +87,8 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, int info_tag)
+ if (! (pmpeg->lamef = lame_init ()))
+ return SFE_MALLOC_FAILED ;
+
+- pmpeg->compression = -1.0 ; /* Unset */
++ psf->codec_close = mpeg_l3_encoder_close ; /* Set psf->codec_close early*/
++ pmpeg->compression = -1.0 ; /* Unset */
+
+ lame_set_in_samplerate (pmpeg->lamef, psf->sf.samplerate) ;
+ lame_set_num_channels (pmpeg->lamef, psf->sf.channels) ;
+@@ -115,7 +116,6 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, int info_tag)
+ }
+
+ psf->sf.seekable = 0 ;
+- psf->codec_close = mpeg_l3_encoder_close ;
+ psf->byterate = mpeg_l3_encoder_byterate ;
+ psf->datalength = 0 ;
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch
new file mode 100644
index 00000000000..077200be6b1
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch
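Review bot: With `psf->codec_close` installed right after `lame_init ()`, `mpeg_l3_encoder_close` can now run on every failing return between the old and new positions, against an encoder whose parameters were never fully set. The close function is not part of this patch, so it should be confirmed that it tolerates a partly configured `pmpeg` before it is relied on for cleanup on those paths. The added comment would also serve maintainers better if it stated the reason, e.g. `/* Install the close hook before any failing return so lamef is released on error paths. */`. `mpeg_l3_encoder_init` begins and ends outside both inner hunks.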
@@ -0,0 +1,43 @@
+From 68f6c16fe1407eff4cdde158566694c3ed666c2f Mon Sep 17 00:00:00 2001
+From: Sisyphus-wang <[email protected]>
+Date: Fri, 11 Jul 2025 15:26:24 +0800
+Subject: [PATCH] Update sndfile-convert.c
+
+fix memoryLeak in sndfile-conver.c
+
+CVE: CVE-2025-56226
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/68f6c16fe1407eff4cdde158566694c3ed666c2f]
+Signed-off-by: Peter Marko <[email protected]>
+---
+ programs/sndfile-convert.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c
+index 95f59d3c..a9f0cfac 100644
+--- a/programs/sndfile-convert.c
++++ b/programs/sndfile-convert.c
+@@ -301,6 +301,7 @@ main (int argc, char * argv [])
+
+ if ((sfinfo.format = sfe_file_type_of_ext (outfilename, sfinfo.format)) == 0)
+ { printf ("Error : Not able to determine output file type for %s.\n", outfilename) ;
++ sf_close (infile) ;
+ return 1 ;
+ } ;
+
+@@ -344,6 +345,7 @@ main (int argc, char * argv [])
+ /* Open the output file. */
+ if ((outfile = sf_open (outfilename, SFM_WRITE, &sfinfo)) == NULL)
+ { printf ("Not able to open output file %s : %s\n", outfilename, sf_strerror (NULL)) ;
++ sf_close (infile) ;
+ return 1 ;
+ } ;
+
+@@ -360,6 +362,8 @@ main (int argc, char * argv [])
+ || (infileminor == SF_FORMAT_MPEG_LAYER_III) || (outfileminor == SF_FORMAT_MPEG_LAYER_III))
+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0)
+ { printf ("Error : Not able to decode input file %s.\n", infilename) ;
++ sf_close (infile) ;
++ sf_close (outfile) ;
+ return 1 ;
+ } ;
+ }
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
index 2a1b96d5e79..4cf42375739 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
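Review bot: The added `sf_close` calls cover only the three returns visible in these inner hunks, so any other early `return` in `main` after `infile` is opened (not shown here) would still leave the handle open. Repeating the cleanup at each exit is easy to miss when a new error path is added; a single exit path, with each failure doing `goto cleanup ;` and `sf_close (infile) ;` / `sf_close (outfile) ;` called once under the label, would close that gap. Because this is a backport, the practical step is to read the whole of `main` in the 1.2.2 tree for uncovered returns rather than diverge from upstream. `main` begins and ends outside the hunks.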
@@ -11,6 +11,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libsndfile-${PV}.tar.xz \ file://noopus.patch \ file://cve-2022-33065.patch \ file://CVE-2024-50612.patch \ + file://CVE-2025-56226-01.patch \ + file://CVE-2025-56226-02.patch \ " GITHUB_BASE_URI = "https://github.com/libsndfile/libsndfile/releases/"
