CVE-2026-29022
Heap Buffer Overflow in dr_libs dr_wav.h Allows Memory Corruption
Publication date: 2026-03-03
Last updated on: 2026-03-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mackron | dr_libs | to 0.14.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-29022 is a heap buffer overflow vulnerability in dr_libs version 0.14.4 and earlier, specifically in the function drwav__read_smpl_to_metadata_obj() within dr_wav.h. The flaw occurs when processing crafted WAV files containing malformed "smpl" chunks. The vulnerability arises from a mismatch between the validation of the sampleLoopCount field during the first parsing pass and its unconditional use during the second pass. In the first pass, only chunks with matching sampleLoopCount are counted and allocated memory, but in the second pass, all chunks with sufficient size are processed regardless of validation. This leads to writing 36 bytes of attacker-controlled data beyond the allocated heap buffer, causing memory corruption.'}] [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to heap memory corruption when processing untrusted or malicious WAV files. An attacker can exploit this flaw to cause crashes or potentially execute arbitrary code by overflowing heap allocations with crafted data. This can compromise the stability and security of applications using vulnerable versions of dr_libs for audio processing, potentially leading to denial of service or further exploitation depending on the context in which the library is used.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves processing crafted WAV files that exploit a heap buffer overflow in the dr_libs library. Detection would involve identifying untrusted or malformed WAV files being processed by vulnerable versions (0.14.4 and earlier) of dr_libs.
Since the vulnerability is triggered by WAV files containing malformed 'smpl' chunks with mismatched sampleLoopCount values, one detection approach is to analyze WAV files for such malformed chunks before processing.
There are no specific commands provided in the resources to detect this vulnerability directly on a network or system.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The immediate mitigation step is to update dr_libs to version 0.14.5 or later, where the vulnerability has been fixed by adding proper validation of the sampleLoopCount field in both parsing passes.'}, {'type': 'paragraph', 'content': "The fix ensures that WAV files with malformed 'smpl' chunks are rejected early, preventing heap buffer overflow and memory corruption."}, {'type': 'paragraph', 'content': 'Until the update can be applied, avoid processing untrusted or suspicious WAV files with vulnerable versions of dr_libs.'}] [2, 3]