
40 matches found

Snyk
added 2026/03/17 8:51 p.m. | 2 views

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflac__read_and_decode_metadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00186
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/17 7:10 p.m. | 2 views

CVE-2026-32836 mackron / dr_libs dr_flac.h Excessive Memory Allocation in PICTURE Metadata Parsing

dr_libs dr_flac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

CVSS: 6.9 | AI score: 5.2 | EPSS: 0.00186
Exploits: 1 | References: 5

CVE
added 2026/03/17 7:10 p.m. | 9 views

CVE-2026-32836

CVE-2026-32836 affects dr_libs up to version 0.13.3, where drflac__read_and_decode_metadata() can trigger uncontrolled memory allocation via crafted PICTURE metadata blocks. Attackers can set attacker-controlled mimeLength and descriptionLength to cause memory exhaustion and denial of service whi...

CVSS: 6.9 | AI score: 5.2 | EPSS: 0.00186
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/03/17 7:10 p.m. | 2 views

CVE-2026-32836

dr_libs dr_flac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

CVSS: 6.9 | AI score: 5.2 | EPSS: 0.00186
Exploits: 1 | References: 6

Fedora
added 2026/03/13 1:0 a.m. | 4 views

[SECURITY] Fedora 42 Update: dr_libs-0^20241216git660795b-4.fc42

Single-file audio decoding libraries for C/C++...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00207
Exploits: 1

OpenVAS
added 2026/03/13 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2026-2350c6fd8c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00207
Exploits: 1 | References: 3

Fedora
added 2026/03/12 12:16 a.m. | 4 views

[SECURITY] Fedora 44 Update: dr_libs-0^20260302.fa931f3-2.fc44

Single-file audio decoding libraries for C/C++...

AI score: 5.8
Exploits: 0

OpenVAS
added 2026/03/12 12:0 a.m. | 0 views

Fedora: Security Advisory (FEDORA-2026-d1d665c9d5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00207
Exploits: 1 | References: 3

Tenable Nessus
added 2026/03/12 12:0 a.m. | 3 views

Fedora 44 : dr_libs (2026-c2889d2725)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c2889d2725 advisory. dr_flac v0.13.3 - 2026-01-17 - Fix a compiler compatibility issue with some inlined assembly. - Fix a compilation warning. dr_mp3...

AI score: 5.9
Exploits: 0 | References: 1

Packet Storm
added 2026/03/09 12:0 a.m. | 112 views

dr_libs 0.14.4 Heap Buffer Overflow

A heap buffer overflow exists in the function drwav__read_smpl_to_metadata_obj when processing WAV files with a crafted smpl chunk. The vulnerability arises due to a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2, allowing 36 bytes of attacker-controlled da...

AI score: 6.1
Exploits: 0

Tenable Nessus
added 2026/03/06 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-29022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dr_libs dr_wav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj function of...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00207
Exploits: 1 | References: 2

SUSE CVE
added 2026/03/05 6:49 a.m. | 1 views

SUSE CVE-2026-29022

dr_libs dr_wav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.00207
Exploits: 1 | References: 3

Snyk
added 2026/03/04 12:29 a.m. | 3 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the drwav__read_smpl_to_metadata_obj function. An attacker can cause memory corruption by supplying a specially crafted WAV file that exploits a mismatch between sample loop count validation and processing,...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.00207
Exploits: 1 | References: 2

UbuntuCve
added 2026/03/03 8:16 p.m. | 1 views

CVE-2026-29022

dr_libs dr_wav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00207
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/03 7:49 p.m. | 4 views

CVE-2026-29022

dr_libs dr_wav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00207
Exploits: 1 | References: 5

CVE
added 2026/03/03 7:49 p.m. | 45 views

CVE-2026-29022

CVE-2026-29022 affects dr_libs/dr_wav.h up to version 0.14.4. The vulnerability is a heap buffer overflow in the function drwav__read_smpl_to_metadata_obj(), caused by a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2, allowing memory corruption via c...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00207
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/03 7:49 p.m. | 20 views

CVE-2026-29022 mackron / dr_libs dr_wav.h Heap Buffer Overflow via WAV File

dr_libs dr_wav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVSS: 7.3 | EPSS: 0.00207
Exploits: 1 | References: 4

CNNVD
added 2026/01/20 12:0 a.m. | 4 views

dr_libs security vulnerabilities

dr_libs is an audio decoding library developed by David Reid. dr_libs has a security vulnerability that stems from trusting the totalPCMFrameCount field in FLAC metadata. This vulnerability may lead to integer overflows, allowing attackers to launch denial-of-service attacks on programs that use th...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00147
Exploits: 0 | References: 2

OpenVAS
added 2025/12/17 12:0 a.m. | 0 views

Fedora: Security Advisory (FEDORA-2025-894ea1b6a5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score: 6.8
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/12 12:0 a.m. | 1 views

Fedora 43 : dr_libs (2025-894ea1b6a5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-894ea1b6a5 advisory. dr_flac v0.13.2 - 2025-12-02 - Improve robustness of the parsing of picture metadata to improve support for memory constrained embedded devices. - Fix a warni...

AI score: 5.6
Exploits: 0 | References: 1