CVE-2026-4009

Source
https://cve.org/CVERecord?id=CVE-2026-4009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-4009
Published
2026-03-12T07:02:08.275Z
Modified
2026-07-08T08:02:05.829987878Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
jarikomppa soloud WAV File dr_wav.h drwav_read_pcm_frames_s16__msadpcm out-of-bounds
Details

A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwavreadpcmframess16_msadpcm in the library src/audiosource/wav/drwav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4009.json",
    "cwe_ids": [
        "CWE-119",
        "CWE-125"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/jarikomppa/soloud

Affected ranges

Type
GIT
Repo
https://github.com/jarikomppa/soloud
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "20200207"
        },
        {
            "last_affected": "20200207"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

Other
20200207
RELEASE_20200207

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4009.json"