Vulnerability in Mackron Dr_libs Dr_flac.h
CVE-2026-32836
dr_libs dr_flac.h versions 0.13.3 and earlier (fixed in commits fefced4, 4f5a4cd, and 663239a) contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory a…
EPSS: 0.000 (3.9th percentile)
CVSS v3 metric
CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Mackron Dr_libs Dr_flac.h — versions 0, fefced4a64adfb1a68a2d31d882366e56096dee8, 4f5a4cd3b57564d969443c580c75857e039f100a
Weakness classification (CWE)
- CWE-789
References
- github.com/mackron/dr_libs/issues/298 (issue-tracking)
- github.com/mackron/dr_libs/commit/fefced4a64adfb1a68a2d31d882366e56096dee8 (patch)
- github.com/mackron/dr_libs/commit/4f5a4cd3b57564d969443c580c75857e039f100a (patch)
- github.com/mackron/dr_libs/commit/663239a3d0460c33bd5b6e5166edcb404e3df676 (patch)
- www.vulncheck.com/advisories/mackron-dr-libs-excessive-memory-allocation-in-pic… (third-party-advisory)
Frequently asked questions
- What is CVE-2026-32836?
- CVE-2026-32836 is a medium-severity vulnerability in Mackron Dr_libs Dr_flac.h, classified under CWE-789. CVSS score: 6.2/10. Published 2026-03-17.
- How severe is CVE-2026-32836?
- Medium severity. CVSS v3 base score is 6.2 out of 10.