Dr Libs
Monthly
Denial of service in dr_libs 0.13.3 and earlier enables local attackers with user privileges to exhaust system memory by supplying malicious PICTURE metadata blocks with oversized length fields in FLAC streams. The vulnerability resides in improper bounds checking during metadata parsing, allowing uncontrolled memory allocation that crashes applications processing affected audio files. No patch is currently available.
Heap buffer overflow in dr_libs 0.14.4 and earlier allows attackers to corrupt memory by supplying maliciously crafted WAV files to any application using drwav_init_*_with_metadata() functions. The vulnerability exploits inconsistent validation of sample loop counts between processing passes, enabling 36 bytes of attacker-controlled data to overflow heap allocations. Public exploit code exists for this vulnerability.
Denial of service in dr_libs 0.13.3 and earlier enables local attackers with user privileges to exhaust system memory by supplying malicious PICTURE metadata blocks with oversized length fields in FLAC streams. The vulnerability resides in improper bounds checking during metadata parsing, allowing uncontrolled memory allocation that crashes applications processing affected audio files. No patch is currently available.
Heap buffer overflow in dr_libs 0.14.4 and earlier allows attackers to corrupt memory by supplying maliciously crafted WAV files to any application using drwav_init_*_with_metadata() functions. The vulnerability exploits inconsistent validation of sample loop counts between processing passes, enabling 36 bytes of attacker-controlled data to overflow heap allocations. Public exploit code exists for this vulnerability.