CVE-2026-25068
Unknown Unknown - Not Provided
Heap-Based Buffer Overflow in alsa-lib Topology Mixer Decoder

Publication date: 2026-01-29

Last updated on: 2026-02-06

Assigner: VulnCheck

Description
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25068
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alsa_project alsa_lib From 1.2.2|end_including=1.2.15.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow in the ALSA library's topology mixer control decoder. The function tplg_decode_control_mixer1() reads the num_channels field from untrusted topology (.tplg) files without validating it against the fixed-size channel array limit. If a crafted topology file contains an excessive num_channels value, it can cause out-of-bounds heap writes, potentially leading to a crash or heap corruption. [1]

Impact Analysis

The vulnerability can lead to heap corruption and application crashes when processing maliciously crafted topology files. This could potentially be exploited to cause denial of service or other unintended behavior in applications using the ALSA library for audio topology decoding. [1]

Detection Guidance

This vulnerability involves processing of crafted .tplg topology files by alsa-lib. Detection can be done by checking if your system uses vulnerable versions of alsa-lib (1.2.2 up to 1.2.15.2 prior to commit 5f7fe33). You can verify the alsa-lib version installed on your system using commands like `dpkg -l | grep alsa-lib` on Debian-based systems or `rpm -qa | grep alsa-lib` on RPM-based systems. Additionally, monitoring for crashes or abnormal behavior in applications that process .tplg files may indicate exploitation attempts. There are no specific network commands since this is a local file parsing vulnerability.

Mitigation Strategies

To mitigate this vulnerability, immediately update alsa-lib to a version that includes the fix from commit 5f7fe33 or later. This update adds boundary checks on the number of channels processed in the topology mixer, preventing heap corruption from maliciously crafted .tplg files. If an update is not immediately possible, avoid loading or processing untrusted or suspicious .tplg topology files to reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25068. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart