A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application linked to the library and memory corruption.

To exploit this issue, an attacker needs to be able to process a malicious WAV file with an application linked to the libsndfile library. Default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability. Due to these reasons, this flaw has been rated with an important severity. Do not process untrusted WAV files with the libsndfile library. Red Hat Enterprise Linux 10 Affected libsndfile Red Hat Enterprise Linux 6 Out of support scope libsndfile Red Hat Enterprise Linux 7 Out of support scope libsndfile Red Hat Enterprise Linux 8 Affected libsndfile Red Hat Enterprise Linux 9 Affected libsndfile https://www.cve.org/CVERecord?id=CVE-2026-37555 https://nvd.nist.gov/vuln/detail/CVE-2026-37555 https://github.com/libsndfile/libsndfile/commit/9a829113c88a51e57c1e46473e90609e4b7df151 https://github.com/libsndfile/libsndfile/issues/833