Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
jarikomppa Soloud: Malicious WAV File Can Crash or Steal Data
CVE-2026-3394
Summary
A security flaw in jarikomppa Soloud allows an attacker to potentially crash the program or access sensitive information by sending a malicious WAV file. This issue affects local users, and an exploit is now publicly available. If you're using jarikomppa Soloud, it's recommended to update to the latest version, which should address this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| solhsa | soloud | <= 2020-02-07 | – |
Original title
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Per...
Original description
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local position. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
7.8
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
- https://github.com/jarikomppa/soloud/ Product
- https://github.com/jarikomppa/soloud/issues/401 Exploit Issue Tracking Vendor Advisory
- https://github.com/oneafter/0209/blob/main/so2/repro Exploit
- https://vuldb.com/?ctiid.348280 Permissions Required VDB Entry
- https://vuldb.com/?id.348280 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.761339 Third Party Advisory VDB Entry
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026