Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mackron / dr_libs dr_wav.h Heap Buffer Overflow via WAV File
Vulnerability Description
dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
dr_libs 安全漏洞
Vulnerability Description
dr_libs是David Reid个人开发者的一个C/C++的音频解码库。 dr_libs 0.14.4及之前版本存在安全漏洞,该漏洞源于drwav__read_smpl_to_metadata_obj函数存在堆缓冲区溢出,可能导致通过特制的WAV文件造成内存损坏。
CVSS Information
N/A
Vulnerability Type
N/A