PT-2026-25931 · Dr Libs · Dr Libs
Ana Kapulica · Published 2026-03-17 · Updated 2026-03-17 · CVE-2026-32836
CVSS v4.0: 6.9 (Medium)
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
dr_libs versions 0.13.3 and earlier
Description
The software contains an uncontrolled memory allocation issue in the drflac__read_and_decode_metadata() function. This allows attackers to cause a denial of service by triggering excessive memory allocation. The issue is related to crafted PICTURE metadata blocks, specifically through manipulating the mimeLength and descriptionLength fields. Exploitation leads to memory exhaustion when processing FLAC streams with metadata callbacks.
Recommendations
Update dr_libs to a version later than 0.13.3.
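For code that parses PICTURE blocks itself, the following added example (not dr_libs code and not the upstream fix) shows the class of check the description implies: each declared length is accepted only if that many bytes remain in the metadata block, so nothing is allocated from an attacker-chosen 32-bit value. It assumes the FLAC PICTURE layout of big-endian 32-bit fields; the names picture_fields, read_be32, skip and picture_validate are hypothetical, and the sample block is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Offsets and lengths of the variable-size fields (hypothetical names). */
typedef struct { size_t mime_off, desc_off, data_off; uint32_t mime_len, desc_len, data_len; } picture_fields;

/* Read a big-endian u32 only if 4 bytes remain (*off <= size always holds). */
static int read_be32(const uint8_t *p, size_t size, size_t *off, uint32_t *out) {
    if (size - *off < 4) return 0;
    p += *off;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    *off += 4;
    return 1;
}

static int skip(size_t size, size_t *off, uint32_t len) {
    if (size - *off < len) return 0;   /* declared length exceeds what is left in the block */
    *off += len;
    return 1;
}

/* Returns 0 if every declared length fits in the block, else -1; allocate only after 0. */
int picture_validate(const uint8_t *blk, size_t size, picture_fields *f) {
    size_t off = 0;
    uint32_t ignored;
    if (!read_be32(blk, size, &off, &ignored)) return -1;      /* picture type */
    if (!read_be32(blk, size, &off, &f->mime_len)) return -1;  /* mimeLength */
    f->mime_off = off;
    if (!skip(size, &off, f->mime_len)) return -1;
    if (!read_be32(blk, size, &off, &f->desc_len)) return -1;  /* descriptionLength */
    f->desc_off = off;
    if (!skip(size, &off, f->desc_len)) return -1;
    for (int i = 0; i < 4; i++)                                /* width, height, depth, colours */
        if (!read_be32(blk, size, &off, &ignored)) return -1;
    if (!read_be32(blk, size, &off, &f->data_len)) return -1;
    f->data_off = off;
    return skip(size, &off, f->data_len) ? 0 : -1;
}

int main(void) {
    /* Constructed sample: type 3, MIME "image/png", empty description, 2 data bytes. */
    uint8_t b[43] = {0,0,0,3, 0,0,0,9, 'i','m','a','g','e','/','p','n','g', 0,0,0,0,
                     0,0,0,1, 0,0,0,1, 0,0,0,24, 0,0,0,0, 0,0,0,2, 0xAA,0xBB};
    picture_fields f;
    printf("well-formed: %d\n", picture_validate(b, sizeof b, &f));
    b[4] = b[5] = b[6] = b[7] = 0xFF;   /* declared mimeLength of 0xFFFFFFFF */
    printf("oversized mimeLength: %d\n", picture_validate(b, sizeof b, &f));
    return 0;
}
```

The size argument is the block length taken from the metadata block header, which bounds every field inside the block.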
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Dr Libs