VYPR
Medium severity4.0NVD Advisory· Published Mar 17, 2026· Updated Apr 27, 2026

CVE-2026-32837

CVE-2026-32837

Description

miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mackron/Miniaudio2 versions
    cpe:2.3:a:mackron:miniaudio:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mackron:miniaudio:*:*:*:*:*:*:*:*range: <=0.11.25
    • (no CPE)range: <=0.11.25

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.