Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local access with low privileges required to supply crafted audio input; only application availability is affected with no scope change, confidentiality, or integrity impact.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
AnalysisAI
Denial of service in pdeljanov Symphonia up to version 0.6.0 can be triggered locally by a low-privileged attacker who supplies a crafted audio file to the Metadata Handler component, causing improper resource release and application unavailability. The root cause is CWE-404 (Improper Resource Shutdown or Release) within the metadata parsing subsystem, with no impact on confidentiality or data integrity. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Local system access with at minimum low-privilege user rights is required - the attacker must be authenticated to the host or otherwise able to supply files to it. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged local user on a system running a Symphonia-based audio processing application - such as a media indexer or transcoding tool - crafts a malformed audio file with adversarially structured metadata and supplies it as input. The Metadata Handler processes the file and fails to properly release internal resources, causing the application process to exhaust available memory or file handles and crash or hang. … |
| Remediation | No released patch is available as of the time of analysis; the upstream fix exists solely as unmerged pull request #514 at github.com/pdeljanov/Symphonia/pull/514. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42732
GHSA-whwr-vg23-jrwg