Ana Kapulica

**Name of the Vulnerable Software and Affected Versions** cgltf versions prior to 1.15 **Description** cgltf versions prior to 1.15 contain an integer overflow issue in the `cgltf validate()` function when validating sparse accessors. This allows attackers to trigger out-of-bounds reads by providing specially crafted glTF/GLB input files with attacker-controlled size values. Unchecked arithmetic operations in sparse accessor validation can cause heap buffer over-reads in the `cgltf calc index bound()` function, potentially leading to denial of service and memory disclosure. **Recommendations** Update to a version newer than 1.15.

**Name of the Vulnerable Software and Affected Versions** dr libs versions 0.13.3 and earlier **Description** The software contains an uncontrolled memory allocation issue in the `drflac read and decode metadata()` function. This allows attackers to cause a denial of service by triggering excessive memory allocation. The issue is related to crafted PICTURE metadata blocks, specifically through manipulating the `mimeLength` and `descriptionLength` fields. Exploitation leads to memory exhaustion when processing FLAC streams with metadata callbacks. **Recommendations** Update dr libs to a version later than 0.13.3.

**Name of the Vulnerable Software and Affected Versions** dr libs versions prior to the commit 8a7258c **Description** The software contains a heap buffer overflow in the `drwav read smpl to metadata obj()` function within `dr wav.h`. This allows for memory corruption through specially crafted WAV files. A discrepancy exists between sample loop count validation during the first pass and its unconditional processing in the second pass, enabling an overflow of heap allocations with 36 bytes of attacker-controlled data when using any `drwav init * with metadata()` call on untrusted input. **Recommendations** Update to a version after commit 8a7258c.

**Name of the Vulnerable Software and Affected Versions** miniaudio versions 0.11.25 and earlier **Description** The software contains a heap out-of-bounds read issue within the WAV BEXT metadata parser. Processing specially crafted WAV files can trigger memory access violations. Improper handling of null-termination in the coding history field allows attackers to cause out-of-bounds reads beyond the allocated metadata pool, potentially leading to application crashes or denial of service. **Recommendations** Update to a version of miniaudio later than 0.11.25.