Zurück zur CVE-Übersicht
CVE-2026-32837
MEDIUM(4.0)CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Risk Signal Score10/100 — NIEDRIG
- CVSS 4 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4
Technische Schwere
Beschreibung
miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.