Vulnerability Details CVE-2026-32836
dr_libs dr_flac.h version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.2%
CVSS Severity
CVSS v3 Score 5.5
References