CVE-2026-32837 is a heap out-of-bounds read vulnerability in miniaudio version 0.11.25 and earlier. The vulnerability is caused by improper null-termination handling in the WAV BEXT metadata parser, specifically in the coding history field. This allows attackers to trigger memory access violations by processing crafted WAV files, resulting in application crashes or denial of service. The vulnerability has [truncated]
CVE-2026-32836 is an uncontrolled memory allocation vulnerability in dr_libs' dr_flac.h version 0.13.3 and earlier. The vulnerability allows attackers to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks. Affected products include those using dr_libs version 0.13.3 or earlier. The vulnerability has a CVSS score of 6.9 and is classified as MEDIUM severit [truncated]
CVE-2026-29022 is a heap buffer overflow vulnerability in dr_libs dr_wav.h version 0.14.4 and earlier. The vulnerability allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on un [truncated]