CVE-2026-3393 | THREATINT

Description

A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

PUBLISHED Reserved 2026-02-28 | Published 2026-03-01 | Updated 2026-03-01 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

Heap-based Buffer Overflow

Memory Corruption

Product status

20200207

affected

Timeline

2026-02-28:	Advisory disclosed
2026-02-28:	VulDB entry created
2026-02-28:	VulDB entry last update

Credits

Oneafter (VulDB User) reporter

References

vuldb.com/?id.348279 (VDB-348279 | jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.348279 (VDB-348279 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.761338 (Submit #761338 | jarikomppa soloud master-branch Heap-based Buffer Overflow) third-party-advisory

github.com/jarikomppa/soloud/issues/401 issue-tracking

github.com/oneafter/0209/blob/main/so1/repro exploit

github.com/jarikomppa/soloud/ product

cve.org (CVE-2026-3393)

nvd.nist.gov (CVE-2026-3393)

Download JSON