33 matches found
Astra Linux – Vulnerability in wavpack
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variables. The impact includes unexpected control flow, crashes, and segfaults. The affected component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is a maliciously crafted .wav file. The fixed version is: Afte...
libsndfile: integer overflow in ima_reader_init()
A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...
libsndfile: integer overflow in ima_reader_init()
A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...
libsndfile: integer overflow in ima_reader_init()
A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...
Alibaba Cloud Linux 3 : 0136: libsndfile (ALINUX3-SA-2026:0136)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0136 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-37555: A flaw was found in the libsndfile...
Unity Linux 20.1060e / 20.1070e Security Update: audiofile (UTSA-2026-017498)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017498 advisory. Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have...
CVE-2026-37555
A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...
CVE-2018-25212 Boxoft wav-wma Converter 1.0 Local Buffer Overflow SEH
Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH...
EUVD-2026-12633
miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to...
SUSE CVE-2026-29022
drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...
CVE-2026-29022
drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...
CVE-2026-29022 mackron / dr_libs dr_wav.h Heap Buffer Overflow via WAV File
drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...
CVE-2026-29022
drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...
PT-2026-22810
Name of the Vulnerable Software and Affected Versions dr libs versions prior to the commit 8a7258c Description The software contains a heap buffer overflow in the drwav read smpl to metadata obj function within dr wav.h. This allows for memory corruption through specially crafted WAV files. A...
Debian dla-4450 : libtag1-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4450 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4450-1 [email protected] https://www.debian.org/lts/security/...
SUSE SLED15: libtag-devel / libtag-doc / libtag1 / libtag1-32bit / libtag_c0 / etc (SUSE-SU-2025:4501-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4501-1 advisory. - CVE-2023-47466: application crash when processing specially crafted WAV files during tag writing...
Linux Distros Unpatched Vulnerability : CVE-2017-11099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wavconvert2mono function in lib/wav.c. CVE-2017-11099 No...
CVE-2023-47466
TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk...
gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk
A flaw was found in the GStreamer library. Various out-of-bounds reads in the WAV parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash...
Linux Distros Unpatched Vulnerability : CVE-2017-11331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted...