The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.
1.0.27.2-1ubuntu61.0.27.2-1ubuntu71.0.27.2-3ubuntu11.0.27.2-3ubuntu21.0.27.2-3ubuntu51.0.27.2-3ubuntu61.0.27.2-3ubuntu71.0.29-0ubuntu11.1.0-0ubuntu11.1.3-51.1.3-5ubuntu0.11.1.3-5ubuntu0.21.1.3-5ubuntu0.41.1.3-5ubuntu0.51.1.3-5ubuntu0.61.2.6.1-1ubuntu1.21.2.11-1ubuntu0.31.2.13-1build11.2.14-11.2.14-1ubuntu11.2.14-1ubuntu1.11.2.15.3-1ubuntu1.1Exploitability
AV:LAC:LAT:NPR:NUI:NVulnerable System
VC:NVI:LVA:HSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N