CVE-2026-32837 mackron / miniaudio Out-of-Bounds Read in BEXT Coding History Parsing

🗓️ 17 Mar 2026 19:10:06Reported by VulnCheckType

CVE-2026-32837: Miniaudio pre-0.11.26 has heap out-of-bounds read in WAV BEXT parsing, causing crashes via crafted WAVs.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-32837	17 Mar 202619:10	–	attackerkb
Circl	CVE-2026-32837	17 Mar 202619:16	–	circl
CNNVD	miniaudio 安全漏洞	17 Mar 202600:00	–	cnnvd
CVE	CVE-2026-32837	17 Mar 202619:10	–	cve
Debian CVE	CVE-2026-32837	17 Mar 202619:10	–	debiancve
EUVD	EUVD-2026-12633	17 Mar 202621:31	–	euvd
NVD	CVE-2026-32837	17 Mar 202620:16	–	nvd
OSV	DEBIAN-CVE-2026-32837	17 Mar 202620:16	–	osv
OSV	UBUNTU-CVE-2026-32837	17 Mar 202620:16	–	osv
RedhatCVE	CVE-2026-32837	18 Mar 202603:23	–	redhatcve

[
  {
    "vendor": "mackron",
    "product": "miniaudio",
    "repo": "https://github.com/mackron/miniaudio",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "0.11.25",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "1df46ae9a0eed5aa9f58b179d2cc4af5d23f8bde",
        "versionType": "git"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
github	www.github.com/mackron/miniaudio/commit/1df46ae9a0eed5aa9f58b179d2cc4af5d23f8bde
github	www.github.com/mackron/dr_libs/commit/04e40d66a7ba1632f93ec1328d4b42ad986e3ee0
vulncheck	www.vulncheck.com/advisories/mackron-miniaudio-out-of-bounds-read-in-bext-coding-history-parsing
github	www.github.com/mackron/miniaudio/issues/1101

27 Apr 2026 15:38Current

CVSS 3.14

CVSS 45.1

EPSS0.00231

CWE-170