Home / Vulnerability Intelligence / CVE-2026-32837

CVE-2026-32837 - Vulnerability Analysis

MediumCVSS: 5.5

Last Updated: March 19, 2026

miniaudio - Denial of Service

Published: March 17, 2026Updated: March 19, 2026PoC Available

Overview

miniaudio <= 0.11.25 contains a heap out-of-bounds read caused by improper null-termination handling in the WAV BEXT metadata parser, letting attackers cause application crashes or denial of service by processing crafted WAV files.

Severity & Score

Severity: Medium

CVSS Score: 5.5

Impact

Attackers can cause application crashes or denial of service by triggering out-of-bounds memory reads.

Mitigation

Update to the latest version beyond 0.11.25.

References

https://github.com/mackron/miniaudio/issues/1101
https://www.vulncheck.com/advisories/mackron-miniaudio-out-of-bounds-read-in-bext-coding-history-parsing

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-32837
Severity: Medium
CVSS Score: 5.5
Type: out_of_bounds_rw
Status: confirmed

CWE

CWE-170

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H