Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Jarikomppa Soloud WAV File Parsing Bug Can Cause Data Exposure
CVE-2026-4009
Summary
A bug in Jarikomppa Soloud's WAV file parser may allow an attacker with local access to access sensitive data. This issue is fixed in a recent update, and we recommend upgrading to the latest version to prevent any potential data exposure.
Original title
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File...
Original description
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
3.3
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-125
Out-of-bounds Read
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026