15 matches found
PT-2026-38024
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse ds64 function within gstwavparse.c. The parse ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing...
Amazon Linux 2 : gstreamer-plugins-good, --advisory ALAS2-2026-3250 (ALAS-2026-3250)
The version of gstreamer-plugins-good installed on the remote host is prior to 0.10.31-20. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3250 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has...
EUVD-2026-14551
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...
CVE-2026-1940
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...
CVE-2026-29022 mackron / dr_libs dr_wav.h Heap Buffer Overflow via WAV File
drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...
The vulnerability of the gst_wavparse_adtl function in the Gstreamer multimedia framework, which allows a hacker to cause a service failure.
The vulnerability of the gstwavparseadtlchunk multimedia framework in Gstreamer is related to reading beyond the permitted range of memory. Exploiting this vulnerability can allow a remote attacker to cause service failures...
UBUNTU-CVE-2024-47777
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...
AZL-44017 CVE-2021-33844 affecting package sox 14.4.2.0-34
A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted wav file, could cause an application to crash...
PT-2021-4866 · Adobe · Audition
Name of the Vulnerable Software and Affected Versions: Adobe Audition versions 14.4 and earlier Description: The issue is related to a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...
SoX buffer overflows
Buffer overflows on wav parsing...
foobar2000 integer overflow
Integer overflow on WAV parsing...
Easy Music Player buffer overflow
Buffer overflow on WAV parsing...
Microsoft Windows Media Player buffer overflow
Buffer overflow on WAV parsing...
Microsoft Windows Media Player integer overflow
Integer overflow on WAV parsing...
VLC media player multiple security vulnerabilities
Format string vulnerabilities in Ogg Vorbis and Ogg Theora comments parsing, CDDA data, SAP/SDP discovery service. Integer overflow and uninitialized variables on WAV parsing...