Description
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.350532
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.350532
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.769766
Issue Tracking issue-tracking
https://github.com/jarikomppa/soloud/issues/401
Third Party Advisory exploit
https://github.com/oneafter/0209/blob/main/so3/repro
Various Sources product
https://github.com/jarikomppa/soloud/
Scores
CVSS v3
3.3
EPSS
0.0011
EPSS Percentile
1.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-125
Status
published
Published
Mar 12, 2026
Tracked Since
Mar 12, 2026