Description
Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C.

This issue affects furnace: before 0.7.
Published: 2026-03-24
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

An out-of-bounds read can occur in Furnace's modified libsndfile source code that processes FLAC files. The flaw allows the program to access memory beyond a buffer boundary, potentially revealing sensitive data or causing a crash. This weakness is a classic buffer over-read (CWE-125).

Affected Systems

The vulnerability affects the Furnace project maintained by tildearrow. All releases prior to version 0.7 are impacted. Users running these older versions and handling FLAC audio are at risk because the flaw is tied to the flac.C module.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity level, and the EPSS data is unavailable. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that an attacker who can supply a crafted FLAC file to a system running an affected installation could trigger the out-of-bounds read and obtain sensitive information or cause a denial of service. The problem is fully mitigated by upgrading to version 0.7 or later.

Generated by OpenCVE AI on March 24, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Furnace release (0.7 or newer).
  • Limit processing to trusted FLAC files or use input validation to prevent malicious file handling.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 19:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type               | Values Removed | Values Added
First Time appeared |                | Tildearrow; Tildearrow furnace
Vendors & Products  |                | Tildearrow; Tildearrow furnace

Tue, 24 Mar 2026 03:30:00 +0000

Type        | Values Removed | Values Added
Description |                | Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7.
Title       |                | Out-of-bounds Read Overflow in tildearrow/furnace
Weaknesses  |                | CWE-125
References  |                |
Metrics     |                | cvssV4_0: {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber'}


Subscriptions

Tildearrow Furnace
MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T18:28:11.937Z

Reserved: 2026-03-24T02:50:04.359Z

Link: CVE-2026-4732

Vulnrichment

Updated: 2026-03-24T18:28:08.792Z

NVD

Status : Awaiting Analysis

Published: 2026-03-24T04:17:25.573

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4732

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:40:25Z

Weaknesses