PT-2025-9691 · Miniaudio · Miniaudio

A Member

Published

2025-03-04

Updated

2025-03-05

CVE-2024-41147

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Miniaudio version 0.11.21

Description The issue is related to an out-of-bounds write vulnerability in the ma dr flac decode samples lpc functionality. It can be triggered by a specially crafted .flac file, leading to memory corruption. An attacker can exploit this by providing a malicious file.

Recommendations For Miniaudio version 0.11.21, consider avoiding the use of the ma dr flac decode samples lpc functionality until a patch is available. Restrict access to processing .flac files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

CVE-2024-41147

Affected Products

Miniaudio

PT-2025-9691 · Miniaudio · Miniaudio

CVE-2024-41147

Weakness Enumeration

Related Identifiers

Affected Products

References · 11