miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV…
VulnCheck·CWE-170·Published 2026-03-17
miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.
miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.
miniaudio versión 0.11.25 y anteriores contienen una vulnerabilidad de lectura fuera de límites en el heap en el analizador de metadatos BEXT de WAV que permite a los atacantes desencadenar violaciones de acceso a la memoria al procesar archivos WAV manipulados. Los atacantes pueden explotar un manejo inadecuado de la terminación nula en el campo de historial de codificación para causar lecturas fuera de límites más allá del pool de metadatos asignado, lo que resulta en caídas de la aplicación o denegación de servicio.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 4.0 | 2.5 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Primary | cve.org | 4.0 | — | — | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Secondary | NVD | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| 4.0 | Primary | cve.org | 5.1 | — | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 5.1 | — | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |