HIGH
alsa-project
CVE published 2026-06-22
CVE-2026-56109
The Advanced Linux Sound Architecture (ALSA) library before version 1.2.16.1 contains a double-free vulnerability in the parse_def() function in src/conf.c. This vulnerability allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_ [truncated]