CVE Catalog

CVE-2026-32837

MediumCVSS 4.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile - higher than 14% of all known CVEs

Summary

In miniaudio version 0.11.25 and earlier, a heap out-of-bounds read vulnerability exists in the WAV BEXT metadata parser. Improper null-termination handling in the coding history field can cause memory access violations.

Risk Assessment

An attacker can exploit this by providing a crafted WAV file, potentially causing application crashes or denial of service (DoS).

Recommendation

Immediately update miniaudio to a version containing the fix (commit 1df46ae) or later.

Original NVD description (English source)

miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS