Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.8
dr_libs: Malicious WAV files can crash or corrupt program
CVE-2026-29022
Summary
A security issue in dr_libs versions 0.14.4 and earlier allows hackers to crash or corrupt your program by sending specially crafted WAV files. This is a risk for anyone using dr_libs to read WAV files from untrusted sources. To stay safe, update to the latest version of dr_libs, which has already fixed this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mackron | dr_libs | <= 0.14.4 | – |
Original title
dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruptio...
Original description
dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
nvd CVSS3.1
7.3
nvd CVSS4.0
6.8
Vulnerability type
CWE-122
Heap-based Buffer Overflow
CWE-787
Out-of-bounds Write
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026