CVE-2026-32837

UNKNOWN 0.0

mackron / miniaudio Out-of-Bounds Read in BEXT Coding History Parsing

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.

CWE	CWE-170
Vendor	mackron
Product	miniaudio
Published	Mar 17, 2026
Last Updated	Mar 17, 2026

Stay Ahead of the Next One

Get instant alerts for mackron miniaudio

Be the first to know when new unknown vulnerabilities affecting mackron miniaudio are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

mackron / miniaudio

0 ≤ 0.11.25

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mackron/miniaudio/issues/1101 vulncheck.com: https://www.vulncheck.com/advisories/mackron-miniaudio-out-of-bounds-read-in-bext-coding-history-parsing

Credits

Ana Kapulica