CVE-2026-29022
Received Received - Intake
Heap Buffer Overflow in dr_libs dr_wav.h Allows Memory Corruption

Publication date: 2026-03-03

Last updated on: 2026-03-20

Assigner: VulnCheck

Description
dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29022
EUVD
EUVD-2026-9315
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mackron dr_libs to 0.14.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-29022 is a heap buffer overflow vulnerability in dr_libs version 0.14.4 and earlier, specifically in the function drwav__read_smpl_to_metadata_obj() within dr_wav.h. The flaw occurs when processing crafted WAV files containing malformed "smpl" chunks. The vulnerability arises from a mismatch between the validation of the sampleLoopCount field during the first parsing pass and its unconditional use during the second pass. In the first pass, only chunks with matching sampleLoopCount are counted and allocated memory, but in the second pass, all chunks with sufficient size are processed regardless of validation. This leads to writing 36 bytes of attacker-controlled data beyond the allocated heap buffer, causing memory corruption.'}] [1, 3]

Impact Analysis

This vulnerability can lead to heap memory corruption when processing untrusted or malicious WAV files. An attacker can exploit this flaw to cause crashes or potentially execute arbitrary code by overflowing heap allocations with crafted data. This can compromise the stability and security of applications using vulnerable versions of dr_libs for audio processing, potentially leading to denial of service or further exploitation depending on the context in which the library is used.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves processing crafted WAV files that exploit a heap buffer overflow in the dr_libs library. Detection would involve identifying untrusted or malformed WAV files being processed by vulnerable versions (0.14.4 and earlier) of dr_libs.

Since the vulnerability is triggered by WAV files containing malformed 'smpl' chunks with mismatched sampleLoopCount values, one detection approach is to analyze WAV files for such malformed chunks before processing.

There are no specific commands provided in the resources to detect this vulnerability directly on a network or system.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to update dr_libs to version 0.14.5 or later, where the vulnerability has been fixed by adding proper validation of the sampleLoopCount field in both parsing passes.'}, {'type': 'paragraph', 'content': "The fix ensures that WAV files with malformed 'smpl' chunks are rejected early, preventing heap buffer overflow and memory corruption."}, {'type': 'paragraph', 'content': 'Until the update can be applied, avoid processing untrusted or suspicious WAV files with vulnerable versions of dr_libs.'}] [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29022. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart