Description
dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
Published: 2026-03-03
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap buffer overflow causing memory corruption
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the drwav__read_smpl_to_metadata_obj() function of dr_libs dr_wav.h (versions 0.14.4 and earlier). It is a heap buffer overflow that occurs when the sampleLoopCount validation in the first pass is not matched by unconditional processing in the second pass, allowing an attacker to overflow 36 bytes of attacker‑controlled data. This memory corruption can compromise the integrity of the process running drwav_init_*_with_metadata() on untrusted WAV files, potentially leading to denial of service or arbitrary code execution.

Affected Systems

The affected product is dr_libs dr_wav.h version 0.14.4 and earlier, used by developers and applications that incorporate this open‑source library. The vendor is mackron.

Risk and Exploitability

The vulnerability carries a medium severity rating (CVSS 6.8) and the likelihood of exploitation is currently considered very low (EPSS < 1%). The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a specially crafted WAV file to be processed by a vulnerable application that calls drwav_init_*_with_metadata(); when triggered, the overflow can be performed without additional privileges, providing a potential local or remote attack surface depending on the deployment scenario.

Generated by OpenCVE AI on April 17, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update dr_libs to the latest release that includes the fix from commit 8a7258c.
  • If upgrading immediately is not possible, remove or disable any code paths that invoke drwav_init_*_with_metadata() for externally sourced data; alternatively, validate the sampleLoopCount and metadata headers before parsing.
  • Restrict the processing of WAV files to trusted users only and scan or sanitize all uploaded files for well‑formed headers and loop structures before passing them to the library.

Generated by OpenCVE AI on April 17, 2026 at 13:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input. dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
Title mackron / dr_libs Heap Buffer Overflow via WAV File mackron / dr_libs dr_wav.h Heap Buffer Overflow via WAV File

Mon, 09 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:a:mackron:dr_libs:*:*:*:*:*:*:*:*

Wed, 04 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mackron
Mackron dr Libs
Vendors & Products Mackron
Mackron dr Libs

Tue, 03 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Description dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
Title mackron / dr_libs Heap Buffer Overflow via WAV File
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Mackron Dr Libs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:44:18.419Z

Reserved: 2026-03-03T17:24:13.913Z

Link: CVE-2026-29022

cve-icon Vulnrichment

Updated: 2026-03-04T21:14:08.519Z

cve-icon NVD

Status : Modified

Published: 2026-03-03T20:16:49.433

Modified: 2026-03-20T18:16:12.890

Link: CVE-2026-29022

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:30:19Z

Weaknesses