libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

Alibaba Cloud Linux 3 : 0136: libsndfile (ALINUX3-SA-2026:0136)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0136 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-37555: A flaw was found in the libsndfile...

Astra Linux - уязвимость в wavpack

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variables. The impact includes unexpected control flow, crashes, and segfaults. The affected component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is a maliciously crafted .wav file. The fixed version is: Afte...

Unity Linux 20.1060e / 20.1070e Security Update: audiofile (UTSA-2026-017498)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017498 advisory. Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have...

CVE-2026-37555

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

CVE-2018-25212

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH...

CVE-2018-25212

The CVE-2018-25212 entry concerns Boxoft wav-wma Converter 1.0, which reportedly contains a local buffer overflow vulnerability in structured exception handling. An attacker can craft WAV files with excess data and ROP gadgets to overwrite the SEH chain, enabling arbitrary code execution on Windo...

CVE-2018-25212 Boxoft wav-wma Converter 1.0 Local Buffer Overflow SEH

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH...

EUVD-2026-12633

miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to...

SUSE CVE-2026-29022

drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVE-2026-29022

drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVE-2026-29022

drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

CVE-2026-29022

drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

PT-2026-22810

Name of the Vulnerable Software and Affected Versions dr libs versions prior to the commit 8a7258c Description The software contains a heap buffer overflow in the drwav read smpl to metadata obj function within dr wav.h. This allows for memory corruption through specially crafted WAV files. A...

Debian dla-4450 : libtag1-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4450 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4450-1 [email protected] https://www.debian.org/lts/security/...

PT-2025-54245

Name of the Vulnerable Software and Affected Versions SoX version 14.4.2 Description SoX version 14.4.2 contains a division by zero issue when processing WAV files, potentially leading to program crashes. An attacker can provide a crafted WAV file to trigger a floating point exception due to...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : taglib (SUSE-SU-2025:4501-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4501-1 advisory. - CVE-2023-47466: application crash when processing specially crafted WAV files during tag writing...

EUVD-2000-0013

Malware in sbrugna...