libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

EUVD-2018-21682

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH...

CVE-2018-25212

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH...

PT-2026-28249

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH...

SUSE CVE-2026-32837

miniaudio version 0.11.25 and earlier fixed in commits 1df46ae and 1df46ae contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination...

UBUNTU-CVE-2026-32837

miniaudio version 0.11.25 and earlier fixed in commits 1df46ae and 1df46ae contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination...

EUVD-2026-9315

drlibs version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and...

Cleanersoft Free MP3 CD Ripper has security vulnerabilities

Cleanersoft Free MP3 CD Ripper is a track extraction software developed by Cleanersoft Corporation. Version 2.8 of Cleanersoft Free MP3 CD Ripper contains a security vulnerability. This vulnerability arises from malicious WAV files that may cause stack buffer overflows, potentially allowing...

EUVD-2022-55929

SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception by providing a specially crafted WAV file that causes arithmetic errors during sound file processing...

CVE-2022-50798

Rejected reason: This candidate is a duplicate of CVE-2017-11359...

CVE-2022-50798

This candidate is a duplicate of CVE-2017-11359...

TagLib 安全漏洞

TagLib is a TagLib audio metadatabase from TagLib Open Source. A security vulnerability exists in TagLib versions prior to TagLib 2.0, which stems from a specially crafted WAV file that could lead to segmentation violations and application crashes...

PT-2024-25250 · Phiola · Phiola

Name of the Vulnerable Software and Affected Versions: phiola version 2.0-rc22 Description: The issue is a Buffer-Overflow vulnerability located at pcm convert.h:513. This vulnerability allows a remote attacker to execute arbitrary code via a crafted .wav file. Recommendations: For phiola version...

PT-2024-12532 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a...

PT-2024-12536 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: The issue concerns decompression in the vcd2lxt utility of GTKWave, where multiple OS command injection vulnerabilities exist. These vulnerabilities can be triggered by a specially crafted wave file,...

SUSE CVE-2005-0611

Heap-based buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1056 and earlier, 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files...

SUSE CVE-2018-19840

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

SUSE CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

DEBIAN-CVE-2022-24792

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...

PJSIP 安全漏洞

PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A security vulnerability exists in PJSIP 2.12 and earlier versions, which originates from playing/reading invalid WAV files...