Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-29022

dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.3%
CVSS Severity
CVSS v3 Score 7.3
Products affected by CVE-2026-29022
  • Mackron » Dr Libs » Version: 0.12.43
    cpe:2.3:a:mackron:dr_libs:0.12.43
  • Mackron » Dr Libs » Version: 0.13.0
    cpe:2.3:a:mackron:dr_libs:0.13.0
  • Mackron » Dr Libs » Version: 0.13.1
    cpe:2.3:a:mackron:dr_libs:0.13.1
  • Mackron » Dr Libs » Version: 0.13.17
    cpe:2.3:a:mackron:dr_libs:0.13.17
  • Mackron » Dr Libs » Version: 0.13.2
    cpe:2.3:a:mackron:dr_libs:0.13.2
  • Mackron » Dr Libs » Version: 0.13.3
    cpe:2.3:a:mackron:dr_libs:0.13.3
  • Mackron » Dr Libs » Version: 0.14.0
    cpe:2.3:a:mackron:dr_libs:0.14.0
  • Mackron » Dr Libs » Version: 0.14.1
    cpe:2.3:a:mackron:dr_libs:0.14.1
  • Mackron » Dr Libs » Version: 0.14.2
    cpe:2.3:a:mackron:dr_libs:0.14.2
  • Mackron » Dr Libs » Version: 0.14.3
    cpe:2.3:a:mackron:dr_libs:0.14.3
  • Mackron » Dr Libs » Version: 0.14.4
    cpe:2.3:a:mackron:dr_libs:0.14.4
  • Mackron » Dr Libs » Version: 0.6.40
    cpe:2.3:a:mackron:dr_libs:0.6.40
  • Mackron » Dr Libs » Version: 0.7.0
    cpe:2.3:a:mackron:dr_libs:0.7.0
  • Mackron » Dr Libs » Version: 0.7.1
    cpe:2.3:a:mackron:dr_libs:0.7.1
  • Mackron » Dr Libs » Version: 0.7.2
    cpe:2.3:a:mackron:dr_libs:0.7.2
  • Mackron » Dr Libs » Version: 0.7.3
    cpe:2.3:a:mackron:dr_libs:0.7.3


Products
Pricing
Contact Us

Shodan ® - All rights reserved