PT-2026-25931 · Dr Libs · Dr Libs
Ana Kapulica · Published 2026-03-17 · Updated 2026-03-17 · CVE-2026-32836
CVSS v4.0: 6.9 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
dr_libs versions 0.13.3 and earlier
Description
The software contains an uncontrolled memory allocation issue in the drflac__read_and_decode_metadata() function. This allows attackers to cause a denial of service by triggering excessive memory allocation. The issue is related to crafted PICTURE metadata blocks, specifically through manipulating the mimeLength and descriptionLength fields. Exploitation leads to memory exhaustion when processing FLAC streams with metadata callbacks.
Recommendations
Update dr_libs to a version later than 0.13.3.
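Added example, not code from this advisory or from the dr_libs project: a minimal C parser for the text fields of a FLAC PICTURE block that compares mimeLength and descriptionLength with the bytes remaining in the block before allocating. All function and type names are hypothetical, the sample bytes are constructed, and the block body is assumed to be in memory with its size taken from the metadata block header.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; not dr_flac's code or its patch. */
typedef struct { uint32_t type; char *mime; char *description; } picture_text;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Copy one length-prefixed string. The declared length is compared with the
   bytes still left in the block BEFORE any allocation happens. */
static int take_string(const uint8_t *blk, size_t size, size_t *pos, char **out) {
    if (size - *pos < 4) return -1;          /* no room for the length field */
    uint32_t len = be32(blk + *pos);
    *pos += 4;
    if (len > size - *pos) return -1;        /* claims more than the block holds */
    if ((*out = malloc((size_t)len + 1)) == NULL) return -1;
    memcpy(*out, blk + *pos, len);
    (*out)[len] = '\0';
    *pos += len;
    return 0;
}

/* size is the 24-bit length from the metadata block header (max 0xFFFFFF).
   Returns 0 on success, -1 on a malformed block (nothing left allocated). */
int parse_picture_text(const uint8_t *blk, size_t size, picture_text *pic) {
    size_t pos = 4;
    memset(pic, 0, sizeof *pic);
    if (size < 4 || size > 0xFFFFFF) return -1;
    pic->type = be32(blk);
    if (take_string(blk, size, &pos, &pic->mime) == 0 &&
        take_string(blk, size, &pos, &pic->description) == 0) return 0;
    free(pic->mime); pic->mime = NULL;       /* description is still NULL here */
    return -1;
}

/* Constructed samples: a valid block, and one whose mimeLength is 0xFFFFFFFF. */
static const uint8_t sample_ok[] = {0,0,0,3, 0,0,0,9, 'i','m','a','g','e','/','p','n','g', 0,0,0,1, 'x'};
static const uint8_t sample_bad[] = {0,0,0,3, 0xFF,0xFF,0xFF,0xFF, 'i','m'};

int main(void) {
    picture_text p;
    int ok = parse_picture_text(sample_ok, sizeof sample_ok, &p);
    free(p.mime); free(p.description);
    int bad = parse_picture_text(sample_bad, sizeof sample_bad, &p);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

A parser that reads from a stream can apply the same comparison by tracking how many bytes of the block's header-declared size are still unread.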
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Dr Libs