Description

A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to an out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet.

PUBLISHED Reserved 2026-03-11 | Published 2026-03-12 | Updated 2026-03-12 | Assigner VulDB




MEDIUM: 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
LOW: 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
LOW: 3.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
1.7 | AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

Out-of-Bounds Read

Memory Corruption

Product status

20200207: affected
20200207: unaffected

Timeline

2026-03-11: Advisory disclosed
2026-03-11: VulDB entry created
2026-03-11: VulDB entry last update

Credits

Oneafter (VulDB User) reporter

References

vuldb.com/?id.350532 (VDB-350532 | jarikomppa soloud WAV File dr_wav.h drwav_read_pcm_frames_s16__msadpcm out-of-bounds) vdb-entry technical-description

vuldb.com/?ctiid.350532 (VDB-350532 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.769766 (Submit #769766 | jarikomppa soloud SoLoud 20200207 and master-branch Out-of-Bounds Read) third-party-advisory

github.com/jarikomppa/soloud/issues/401 issue-tracking

github.com/oneafter/0209/blob/main/so3/repro exploit

github.com/jarikomppa/soloud/ product

cve.org (CVE-2026-4009)

nvd.nist.gov (CVE-2026-4009)
