dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Active
User action required
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Mackron Dr_Libs
cpe:2.3:a:mackron:dr_libs:*:*:*:*:*:*:*:*
|
— |
<= 0.14.4
|
References 4
https://github.com/mackron/dr_libs/commit/8a7258cc66b49387ad58cc5b81568982a3560…
disclosure@vulncheck.com
https://github.com/mackron/dr_libs/issues/296
disclosure@vulncheck.com
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2026-001…
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/mackron-dr-libs-heap-buffer-overflow-via-w…
disclosure@vulncheck.com