VYPR
Medium severity6.2NVD Advisory· Published Mar 17, 2026· Updated Apr 27, 2026

CVE-2026-32836

CVE-2026-32836

Description

dr_libs dr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, 4f5a4cd, and 663239a) contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mackron/Dr Libs2 versions
    cpe:2.3:a:mackron:dr_libs:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mackron:dr_libs:*:*:*:*:*:*:*:*range: <=0.13.3
    • (no CPE)range: <=0.13.3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.